Reported June 25, 2003, by Microsoft.

 

VERSIONS AFFECTED

 

·         Microsoft Windows Media Player (WMP) 9 Series

 

DESCRIPTION

 

A new vulnerability in Microsoft Windows Media Player (WMP) 9 Series can result in the modification of Windows Media Library entries. This vulnerability stems from a flaw in the way an ActiveX control provides access to information on the user’s computer. By invoking the ActiveX control from script code, an attacker can view and manipulate metadata contained in the media library on the user's computer.

 

VENDOR RESPONSE

 

Microsoft has released Security Bulletin MS03-021, "Flaw In Windows Media Player May Allow Media Library Access (819639)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.

 

CREDIT

Discovered by Jelmer.

Reported June 25, 2003, by Microsoft.

 

VERSIONS AFFECTED

 

·         Microsoft Windows Media Player (WMP) 9 Series

 

DESCRIPTION

 

A new vulnerability in Microsoft Windows Media Player (WMP) 9 Series can result in the modification of Windows Media Library entries. This vulnerability stems from a flaw in the way an ActiveX control provides access to information on the user’s computer. By invoking the ActiveX control from script code, an attacker can view and manipulate metadata contained in the media library on the user's computer.

 

VENDOR RESPONSE

 

Microsoft has released Security Bulletin MS03-021, "Flaw In Windows Media Player May Allow Media Library Access (819639)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.

 

CREDIT

Discovered by Jelmer.