Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
Windows Media Player Flaw Puts PCs at Risk
Security hole in media player's antipiracy feature could allow hackers to access your computer.
Joris Evers, IDG News Service
A flaw in an antipiracy feature in Microsoft's Windows Media Player could put systems at risk to hacker attacks, Microsoft warned in a security bulletin Wednesday.
All the currently supported versions of Windows Media Player, versions 6.4, 7.1, and Windows Media Player for Windows XP, are flawed in the way they handle a license request for certain secure media files. An attacker could exploit this flaw to hijack a user's system and take any action a user is capable of, Microsoft says.
The media player, when it requests license information from a server, erroneously discloses the location on the user's system of the Internet Explorer cache, which is used by IE to temporarily store files. An attacker could use this information to bypass IE's security mechanisms and run executable files in the cache, Microsoft says.
IE's Information
IE places information that a Web page or an HTML e-mail need to have stored on the user's system--a file for example--in the cache and retrieves it later for handling. One way the cache is protected against direct access is by using dynamic folder names. The cache should only be accessible by IE, Microsoft says.
An attacker could exploit the vulnerability by sending an HTML e-mail with a specially formed Windows Media file or by hosting the file on a Web site. In both cases, the IE cache location could be returned to the attacker's site once the file is played, at which point the attacker could try to run an executable in the cache, Microsoft says.
Microsoft released a software patch to fix this problem. The patch, called a cumulative patch, also includes all previously released patches for Windows Media Player and two other new patches that fix less broad security problems.
Critical Fix
Microsoft does rate a newly patched privilege elevation vulnerability in Windows Media Player 7.1 when run on Windows 2000 "critical." A malicious user could exploit the flaw in a part of Media Player that deals with storage devices to increase his privilege level on a Windows 2000 system. The user would need to write a special software program to do that, Microsoft says.
The third newly patched vulnerability could allow an attacker to run a script of his choice on the user's computer and affects only Windows Media Player 7.1. Microsoft deems this a "low" risk vulnerability as a successful attack requires a specific series of user actions to follow in exact order.
More information about the flaws and the patch, which Microsoft urges users apply immediately, can be found on Microsoft's Web site.
Microsoft Office Home and Student 2007
Perfect Print Solutions
People who read this also read:
Best Prices on Antivirus Software
Norton Antivirus 2010 (Full Product, 1 User)Price: $17.90
Anti-virus 2010 (OEM Product, 1 User)Price: $20.99
AntiVirus 2010 (Full Product)Price: $24.95
Norton AntiVirus 2009 (Full Product)Price: $16.89
AntiVirus Plus 2010 - 3 Users (Full Product)Price: $11.95
Norton Antivirus 2010 (Full Product, 3 Users)Price: $38.50
-
Perfect Printing Solutions Find just the right All-in-One Printer for you from HP. Visit the HP Resource Center.
-
Acer Laptop Center Forget the Mouse...check out the next generation multi-gesture touch screen technology from Acer.
-
Dell Shopping Center Check out great deals from Dell!
