Full Disclosure mailing list archives
Windows Mediaplayer separate vulnerability?
From: "Lise Moorveld" <lise_moorveld () hotmail com>
Date: Thu, 09 Oct 2003 16:53:40 +0200
Hello,In Microsoft Security Bulletin MS03-040 [1] regarding a cumulative patch for Internet Explorer, users are recommended to install a patch for Windows Mediaplayer (KB article 828026 [2]). However, they state that this is not a security issue.
CERT, on the other hand, states the following about the Mediaplayer issue in VU#222044 [3]: "A remote attacker may be able to execute arbitrary code on the local system."
Which sounds pretty serious.Secunia appears to agree [4]. However, it is unclear on what information both CERT and Secunia base this conclusion.
Finally, SecurityFocus links this issue to an issue [5] reported by http-equiv back in july in BID8263 [6]. Although SecurityFocus does admit there is very little info at the moment on which to base this.
Does anybody know what's up? Is this a new issue that is being downplayed by Microsoft? Is it an old issue? Or is it really not a security issue and can it only be exploited in conjunction with other vulnerabilities, as MS states.
Any ideas? regards, Lise references: [1] http://www.microsoft.com/technet/security/bulletin/MS03-040.asp [2] http://support.microsoft.com/default.aspx?scid=kb;en-us;828026 [3] http://www.kb.cert.org/vuls/id/222044 [4] http://www.secunia.com/advisories/9957/ [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0604 [6] http://www.securityfocus.com/bid/8263 _________________________________________________________________Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Windows Mediaplayer separate vulnerability? Lise Moorveld (Oct 09)
- <Possible follow-ups>
- Fw: Windows Mediaplayer separate vulnerability? http-equiv () excite com (Oct 09)
- a stupid bug ...that works on mozilla, opera, IE bipin gautam (Oct 09)
- Re: a stupid bug ...that works on mozilla, opera, IE Jan Wildeboer (Oct 10)
- a stupid bug ...that works on mozilla, opera, IE bipin gautam (Oct 09)