Suggest A Fix PC Support Forums > MS Alert: Media Player allows silent execution of

Full Version: MS Alert: Media Player allows silent execution of

Suggest A Fix PC Support Forums > Security > Security News and Warnings

Interceptor

Aug 23 2002, 10:54 PM

A security issue has been reported in Windows Media Player. A Windows Media Download Package file (.wmd file) will cause Windows Media Player to create a folder with the user-supplied name of the '.wmd' file in the 'Virtual Music' default location and will silently install and execute code on the user's system. This can be exploited to extract a file to a known location.
An .asx file is designed so that Media Player will validate the contents as appearing legitimate and extract the file to a known location.

The malicious user can then create an .asf file that will call the file in the known location. The applet codebase will be executed in the Local Computer zone.

No solution was available from Microsoft at this time.

Reported by: Malware

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.