Information Security News mailing list archives

Win Media Player hole surrenders your machine


From: InfoSec News <isn () c4i org>
Date: Fri, 25 May 2001 00:07:10 -0500 (CDT)

http://www.theregister.co.uk/content/6/19164.html

By Thomas C Greene in Washington
Posted: 24/05/2001 at 06:02 GMT

The Windows Media Player ASX (Active Stream Redirector) processor
contains an unchecked buffer susceptible to an overrun which could
enable an attacker to run arbitrary code on a machine with the
victim's level of permission, a Microsoft security bulletin warns.

Media Player 6.4 and 7.0 are affected; earlier, currently unsupported
versions 'may or may not be,' the company says.

Developing an exploit would require the cobbling together of a
malicious file which could be circulated via e-mail or linked on a
malicious Web site. All that remains is to entice the unlucky victim
to open it. Naming it sororitysuck.asx ought to do the trick here, we
reckon.

Alternatively, a malicious HTML page could be set up to run an attack
script automatically when it's viewed.

A second, less destructive, vulnerability could enable an attacker to
exploit maliciously-crafted shortcuts, which Media Player 6.4 and 7.0
save to the user's temporary files directory with a known file name.

"It's possible for HTML code to be stored in such a shortcut and
launched via a Web page or HTML e-mail, in which case the code would
run in the Local Computer Zone rather than the Internet Zone. An
attacker could exploit this vulnerability to read - but not add,
delete or modify - files on another user's computer," the security
bulletin explains.

Media Player 6.4 users can download a patch to clear up both defects
here, while 7.0 users can fix their systems by upgrading to 7.1 here.



ISN is hosted by SecurityFocus.com