Microsoft fixes security flaws in media player

Security fault nr ??..

(IDG) -- Microsoft issued its second security warning and patch of the week when it acknowledged and offered a fix for two flaws in Windows Media Player. The flaws affect Windows Media Player 6.4 and 7 and can allow an attacker to run programs and read, modify, or delete files on a user's computer.

The first, and more serious, flaw is the result of a problem in the way Windows Media Player handles the .ASX, or Active Stream Redirector, files that are used in finding and playing streaming media and in using play lists, Microsoft said. Due to a flaw in the memory buffer that deals with .ASX files, a special sequence of code could allow an attacker to make the same changes to a machine that the user could, including deleting files and running programs.

The second problem, which results from the way Windows Media Player handles Internet shortcuts, can allow an attacker to view files on the user's computer but not modify or delete them. This comes about because Internet shortcuts are supposed to be created in Internet Explorer's cache folder -- a repository of reusable, Web-related items -- but Windows Media Player instead creates them in the Temporary Files folder. An attack against the second flaw would also employ HTML code in the same way as the first, but this time using the code to create a shortcut in the Temporary Files folder, which would only give the attacker the ability to read files on the machine. However, such an attack is difficult, because the attacker needs to know the exact filename and location of the desired file, Microsoft said.


Source: CNN
