http://www.theregister.co.uk/content/6/19164.html By Thomas C Greene in Washington Posted: 24/05/2001 at 06:02 GMT The Windows Media Player ASX (Active Stream Redirector) processor contains an unchecked buffer susceptible to an overrun which could enable an attacker to run arbitrary code on a machine with the victim's level of permission, a Microsoft security bulletin warns. Media Player 6.4 and 7.0 are affected; and earlier, currently-unsupported versions 'may or may not be,' the company says. Developing an exploit would require the cobbling together of a malicious file which could be circulated via e-mail or linked on a malicious Web site. All that remains is to entice the unlucky victim to open it. Naming it sororitysuck.asx ought to do the trick here, we reckon. Alternatively, a malicious HTML page could be set up to run an attack script automatically when it's viewed. A second, less destructive, vulnerability could enable an attacker to exploit maliciously-crafted shortcuts, which Media Player 6.4 and 7.0 save to the user's temporary files directory with a known file name. "It's possible for HTML code to be stored in such a shortcut and launched via a Web page or HTML e-mail, in which case the code would run in the Local Computer Zone rather than the Internet Zone. An attacker could exploit this vulnerability to read - but not add, delete or modify - files on another user's computer," the security bulletin explains. Media Player 6.4 users can download a patch to clear up both defects here; while 7.0 users can fix their systems by upgrading to 7.1 here. ISN is hosted by SecurityFocus.com --- To unsubscribe email isn-unsubscribeat_private
This archive was generated by hypermail 2b30 : Thu May 24 2001 - 23:29:03 PDT