RealTime IT News

MS Issues Patch to Plug WMP Holes

Microsoft has issued a cumulative patch to fix three flaws in its flagship Windows Media Player (WMP) software.

A security bulletin from Microsoft said the vulnerabilities affected WMP versions 6.4, 7.1 and Windows XP. The most serious of the three, which deals with an information disclosure problem, is described as "severe." It said exploitation could result in an attacker executing code on a user's PC.

The company said the information disclosure vulnerability could allow code to be issued by an attacker to execute commands adding, changing or deleting data, communicating with web sites, or changing the configuration of the system.

"The attacker's code would run with the same privileges as the user: any restrictions on the user's ability to change the system would apply to the attacker's code. For example, if the user were prevented from deleting files on the hard drive, the attacker's code would similarly be prevented. Conversely, if a user were using an account with high privileges such as an administrator's account, the attacker's code would also run the same high privileges," Microsoft said.

It said the problem results because of a flaw in how WMP handles certain types of licenses for secure media files when the media file is stored in the Internet Explorer browser cache. Specifically, when a type of secure Windows Media file is opened, the media player erroneously returns information to the server that discloses the location of the IE cache as it processes the request to the site for the licensing information, the company said.

The second bug -- a privilege elevation vulnerability -- could enable an attacker who can physically logon locally to a Windows 2000 machine and run a program to obtain the same rights as the operating system.

The warning also pointed to a script execution vulnerability that could run a script of an attacker's choice as if the user had chosen to run it after playing a specially formed media file and then viewing a specially constructed web page.

"This particular vulnerability has specific timing requirements that makes attempts to exploit vulnerability difficult and is rated as low severity." It also introduces a configuration change relating to file extensions associated with WMP.

Patches for the vulnerabilities can be found here.