Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Windows Media Player 7 skin vulnerability

Windows Media Player 7 skin vulnerability

by Phiber on February 16th, 2001 Windows Media Player 7 introduced a feature called "skins", that allows customization of the look and feel of Windows Media Player. If a Windows Media Player skin (.WMZ) file were downloaded from a malicious web site it could potentially be used to run Java code to read and browse files on a local machine. The vulnerability stems from the fact that "skins" are downloaded to a known location on a victim's computer and are stored in a .zip package. If the .zip package contained a Java class (.class) file, any Java code in this class could be executed under the local computer security zone....


If a Windows Media Player skin (.WMZ) file were downloaded from a
malicious web site, it could potentially cause the deployment of
zipped Java code to a known location on the visiting user's machine.
Since the Java code would reside in a known location on the machine,
script hosted on a hostile web site or embedded in a hostile HTML
mail message could potentially invoke the script in the local
computer security zone to take arbitrary action on the user's
machine.



Download the patch

or

Download this advisory


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »