WMP vulnerability...


mjc
05-08-2003, 12:29 PM
MS Technet (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-017.asp)

Microsoft Security Bulletin MS03-017


Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787)

Originally posted: May 7, 2003

Summary

Who should read this bulletin: Customers running Windows Media Player 7.1 and Windows Media Player for Windows XP (Version 8.0)

Impact of vulnerability: Arbitrary code execution

Maximum Severity Rating: Critical

Recommendation: Customers running Windows Media Player 7.1 and Windows Media Player for Windows XP (Version 8) should apply the patch.

Affected Software:

* Microsoft Windows Media Player 7.1
* Microsoft Windows Media Player for Windows XP (Version 8.0)

Technical details

Technical description:

Microsoft Windows Media Player provides functionality to change the overall appearance of the player itself through the use of “skins”. Skins are custom overlays that consist of collections of one or more files of computer art, organized by an XML file. The XML file tells Windows Media Player how to use these files to display a skin as the user interface. In this manner, the user can choose from a variety of standard skins, each one providing an additional visual experience. Windows Media Player comes with several skins to choose from, but it is relatively easy to create and distribute custom skins.

A flaw exists in the way Windows Media Player 7.1 and Windows Media Player for Windows XP handle the download of skin files. The flaw means that an attacker could force a file masquerading as a skin file into a known location on a user’s machine. This could allow an attacker to place a malicious executable on the system.

jabarnutcase
05-08-2003, 05:58 PM
In this manner, the user can choose from a variety of standard skins, each one providing an additional visual experience....
.....The flaw means that an attacker could force a file masquerading as a skin file into a known location on a user’s machine. This could allow an attacker to place a malicious executable on the system.

Man, that would certainly give you "an additional visual experience" huh? :p

YODA74
05-08-2003, 07:13 PM
Yup would like to see a good movie once in a while :rolleyes:
Almost seems like they're trying to get you to upgrade to 9? Personally don't use skins, nor HTML. And am not going to upgrade to 9 Bill!!

Mark Miller
05-08-2003, 07:29 PM
Hey Yoda,
How ya doing! Version 9 is not so bad, and it really does make music sound better. Don't know why but it does. Try it, you'll like it!
Mark :D

mjc
05-08-2003, 08:53 PM
There is one reason why I'm not upgrading......DRM.