Reported September 26, 2000 by USSRLabs
- Microsoft Windows Media Player 7
MS Media Player 7 is subject to a denial of service attack through the use of embedded OCX controls. While the vulnerability may be relevant to several applications, programs that support Rich Text Format (RTF) files are primarily at risk.
According to Microsoft's reponse to the issue, "A particular OCX control, associated with Windows Media Player, could be used in a denial of service attack against RTF-enabled e-mail clients such as Outlook and Outlook Express. If the affected control were programmatically embedded into an RTF mail and then sent to another user, the user's mail client would fail when he closed the mail. The vulnerability would not cause any lasting effects. The user could resume normal operation by restarting the mail client and deleting the affected mail."
VENDOR RESPONSEMicrosoft is aware of the matter and has released FAQ #>A href="http://www.microsoft.com/technet/security/bulletin/fq00-068.asp" target=_blank">FQ00-068, article Q274303, and a fix for Media Player 7.
Discovered by USSRLabs