Vulnerability in Microsoft Windows Media Player 9 Could Allow Media Library Access

Reported June 25, 2003, by Microsoft.

VERSIONS AFFECTED

·        Microsoft Windows Media Player (WMP) 9 Series

DESCRIPTION

A new vulnerability in Microsoft Windows Media Player (WMP) 9 Series can result in the modification of Windows Media Library entries. This vulnerability stems from a flaw in the way an ActiveX control provides access to information on the user’s computer. By invoking the ActiveX control from script code, an attacker can view and manipulate metadata contained in the media library on the user's computer.

VENDOR RESPONSE

Microsoft has released Security BulletinMS03-021, "Flaw In Windows Media Player May Allow Media Library Access (819639)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.

CREDIT

Discovered byJelmer.

Reported June 25, 2003, by Microsoft.

VERSIONS AFFECTED

·        Microsoft Windows Media Player (WMP) 9 Series

DESCRIPTION

A new vulnerability in Microsoft Windows Media Player (WMP) 9 Series can result in the modification of Windows Media Library entries. This vulnerability stems from a flaw in the way an ActiveX control provides access to information on the user’s computer. By invoking the ActiveX control from script code, an attacker can view and manipulate metadata contained in the media library on the user's computer.

VENDOR RESPONSE

Microsoft has released Security BulletinMS03-021, "Flaw In Windows Media Player May Allow Media Library Access (819639)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.

CREDIT

Discovered byJelmer.