Microsoft Media Player Exploits Released | Internet News
Security
SHARE
Facebook X Pinterest WhatsApp

Microsoft Media Player Exploits Released

Written By
Ed Sutherland
Ed Sutherland
Feb 17, 2006
2 minute read

Just days after Microsoft fixed a hole discovered in its Windows Media Player, security firms report exploits are now targeting the vulnerability.

Researchers with the French Security Incident Response Team (FrSIRT) published two exploits targeting a bug in versions of the Microsoft Media Player.

The flaw could enable attackers to seize control of computers running Microsoft Windows. Perpetrators can then leverage the exploit for anything from identity theft to stealing financial data stored on computers.

“Once these patches come out, it starts the clock for the bad guys,” Marc Maiffret, co-founder of eEye Digital Security, the company that discovered the media player flaw.

It’s very important that consumers update their systems with Microsoft’s patch MS06-005, urged Maiffret. The patch fixes the vulnerability used by the current exploits.

“The bad part is the exploits were released so quickly, most people haven’t patched them yet,” Maiffret told internetnews.com.

Although corporate users have entire IT departments devoted to ensuring the security of company computers, the race to apply patches is being lost to rapid exploit production.

New tools are emerging that make it possible for attackers to compare the patched application against an unpatched version and quickly create an exploit based on the difference.


“For large organizations, it’s just infeasible,” Maiffret says. “One day is pretty fast.”

Another reason for the increasing speed with which security flaws are exploited is the changing target of attacks.

Concentration has shifted away from the operating system to file formats (in the case of Windows Media Player, bitmaps) more associated with consumer-oriented applications.

Flaws in both Windows Media Player and Windows Metafile (WMF) graphic formats rely on social engineering to get users to visit a malicious Web site or open a specially-crafted email.

Often, users patching individual security flaws in applications cannot keep pace with attackers competing to quickly release exploits.

The onus is on vendors who issue fixes to cover broad areas of vulnerabilities. Rather than patching Windows Media Player, Microsoft and others need to focus on the generic risks from buffer overruns, said Maiffret.
Ed Sutherland
Internet News Logo

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

facebook
x

Company

Contact us Advertise with us

Categories

News Enterprise Small Business Reviews Podcasts Blog Research

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information