Reported June 26, 2002, by Microsoft.

VERSIONS AFFECTED

·         Microsoft Windows Media Player (WMP) for Windows XP, 7.1, and 6.4

 

DESCRIPTION

Multiple vulnerabilities exist in WMP, one of which could result in an attacker executing arbitrary code on the vulnerable system. The vulnerabilities include

·         an information disclosure vulnerability that lets an attacker run code on the vulnerable system

·         a privilege elevation vulnerability that lets an attacker who can physically log on locally to a Windows 2000 machine and run a program, obtain the same rights as the OS

·         a script execution vulnerability that can let a vulnerable system run a script of an attacker's choice after playing a specially formed media file and viewing a specially constructed Web page

 

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-032 (26 June 2002 Cumulative Patch for Windows Media Player) to address this vulnerability and recommends that affected users download and apply the appropriate patch mentioned in the bulletin. These patches are cumulative and address all previously discovered WMP vulnerabilities.

 

CREDIT
Discovered by Jelmer and the Security Internals Research Team.