Reported May 07, 2003, by Microsoft.

 

 

VERSIONS AFFECTED

 

·         Microsoft Windows Media Player (WMP) 8.0 and 7.1

 

DESCRIPTION

 

A new WMP vulnerability can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the way WMP handles the download of skin files. This flaw could permit an attacker to force a file (e.g., a malicious executable) masquerading as a skin file into a certain location on a user's machine.

 

VENDOR RESPONSE

 

Microsoft has released Security Bulletin MS03-017, "Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin.

 

CREDIT

Discovered by Jouko Pynnonen of Oy Online Solutions Ltd, Finland and Jelmer.