WMP9 Series Flaw Leaves Users Exposed | Internet News

Written By
Ryan Naraine
Jun 26, 2003

Microsoft has issued an alert for a security flaw in its flagship Windows Media Player 9 Series that leaves millions of users at risk of intrusion.

The WMP9 software, which streams multimedia content to millions of PC users, contains a vulnerability in the way an ActiveX control provides access to information.

Windows Media Player versions 6.4, 7.1 and 8.0 (for Windows XP) are not affected.

In an advisory (patch included), the software giant said the security hole exists because an attacker could invoke the ActiveX control from script code, which would allow the attacker to view and manipulate metadata contained in the media library on the susceptible PC.

The ActiveX feature is included in WMP9 to allow the creation of Web pages that can play media and provide a user interface by which the user can control playback. For instance, when a user visits a Web page with embedded multimedia, the ActiveX control provides a user interface that allows the user to take such actions as pausing or rewinding the content.

Microsoft warned that a successful attacker would have to host a malicious exploit on a Web page and persuade a user to visit that site. “An attacker could also embed a link to the malicious site in an HTML e-mail and send it to the user. After the user previewed or opened the e-mail, the malicious site could be visited automatically without further user interaction,” the company said.

While a successful attack would allow access to the media library on a vulnerable PC, the flaw does not allow access to the user’s hard disk. “(An attacker) would not have access to passwords or encrypted data,” Microsoft noted.

It is not the first time security holes have appeared in the WMP software. Last June, Microsoft issued a cumulative patch to fix three flaws in WMP versions 6.4, 7.1 and Windows XP.

The company also issued a ‘critical’ alert for a flaw in the way ‘skin’ files are downloaded in some versions of WMP. That security hole affected WMP version 7.1 and WMP for Windows XP version 8.0 and allowed attackers to “force a file masquerading as a skin file” into a user’s system.
