Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Windows Media Player IE Cache Path Disclosure Vulnerability

Windows Media Player IE Cache Path Disclosure Vulnerability

by Nikola Strahija on June 28th, 2002 Microsoft Windows Media Player is distributed with multiple versions of the Microsoft Windows Operating System. A vulnerability has been reported that affects systems using Windows Media Player 6.4, 7.1, or Media Player for Windows XP.


An information disclosure vulnerability that may also allow an attacker the opportunity to execute arbitrary code on the targetted system has been reported. This vulnerability occurs due to the handling of license files for secure media files that are stored in the IE cache. The flaw affects only secure media files which use WM DRM 1.0. The risk for code execution is due to Windows Media Player disclosing the location of the IE cache, which uses a obfuscated name. An attacker that is able to learn the location of the cache can use scripting to execute a file located in the cache and it will be treated as part of the Local Computer Zone.

Remote: Yes

Exploit: No


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »