SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Windows Media Player Vendors:   Microsoft
(CIAC Issues Bulletin L-089) Re: Microsoft Windows Media Player May Allow Remote Users to Execute Code Contained in Internet Shortcuts and View Files on the Media Player's Host
SecurityTracker Alert ID:  1001653
SecurityTracker URL:  http://securitytracker.com/id/1001653
CVE Reference:   CVE-2001-0243   (Links to External Site)
Date:  May 30 2001
Impact:   Disclosure of system information, Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.4, 7
Description:   Microsoft disclosed that their Windows Media Player contains a vulnerability that could allow a remote user to cause HTML code on the host to be executed and, as a result, view certain files on the host.

The vulnerability is in how Windows Media Player handles Internet shortcuts. Reportedly, Windows Media Player has a flaw that causes it to save Internet shortcuts to the user's Temporary Files folder with a fixed known filename. As a result, HTML code can be stored in a shortcut and launched via a web page or HTML based e-mail message. In this case, the code would execute in the Local Computer Zone rather than the Internet Zone.

A remote user could exploit this vulnerability to read files on the host. Only file types that can be opened in a browser window (such as .txt, .jpg, .gif, or .htm, but not file types such as .exe, .doc, and .xls).
Impact:   A remote user could cause HTML code to be executed on another Media Player's host that would allow the remote user to view certain files on that host.
Solution:   The vendor has released a fix. For users of version 6.4, a patch is available. For users of version 7, and upgrade to version 7.1 is available.
Vendor URL:  www.microsoft.com/technet/security/bulletin/MS01-029.asp (Links to External Site)
Cause:   Access control error, Randomization error
Underlying OS:  Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
May 24 2001 Microsoft Windows Media Player May Allow Remote Users to Execute Code Contained in Internet Shortcuts and View Files on the Media Player's Host


 Source Message Contents
Subject:  CIAC Bulletin L-089: Windows Unchecked Buffer in Media Player .ASX Processor


[For Public Release]
-----BEGIN PGP SIGNED MESSAGE-----


             __________________________________________________________

                       The U.S. Department of Energy
                     Computer Incident Advisory Center
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

            Windows Unchecked Buffer in Media Player .ASX Processor
                              [Microsoft MS01-029]

May 25, 2001 21:00 GMT                                            Number L-089
______________________________________________________________________________
PROBLEM:       This addresses 2 vulnerabilities: the code parsing .ASX files
               has an unchecked buffer, enabling a malicious user to
               run code of her choice. Secondly, Windows Media Player has a
               flaw in saving Internet shortcuts to the user's Temporary Files
               folder with a fixed known filename.
PLATFORM:      Windows Media Player 6.4 and 7
DAMAGE:        Unauthorized disclosure, and/or limited executing code of
               choice.
SOLUTION:      Apply the patches as described below.
______________________________________________________________________________
VULNERABILITY  MEDIUM. In the first, the attacker can run only limited code,
ASSESSMENT:    and in the second, the attacker would need to know the exact
               name of each file to be read, and could not modify the file.
______________________________________________________________________________

[****** Start Microsoft Advisory ******]

http://www.ciac.org/ciac/bulletins/l-089.shtml

[****** End Microsoft Advisory ******]


-----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition

iQCVAwUBOxQaw7nzJzdsy3QZAQG55gP+N+LE6c/XiRMPG+Zq7GwrW3P78Ggxa41M
pEjA41Np4Vlx+QwyyVRduVnB1ZaKVH5EvZNH7tqtaran0exGdLgkauuzuA0+QKQN
oTogpRQcJC6zkdx12IwjXmot1dqzNGAsgJp7ibiAAGAufnCXynMpWNajFxJVWPsP
4X2tCdRkFj8=
=3s4a
-----END PGP SIGNATURE-----

-+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+
This message was posted through the FIRST mailing list server.  If you
wish to unsubscribe from this mailing list, send the message body of
"unsubscribe first-info" to first-majordomo@FIRST.ORG
-+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC