Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Windows Media Player Internet Shortcut Execution Vulnerability

Windows Media Player Internet Shortcut Execution Vulnerability

by platon on June 1st, 2001 A flaw exists in the implementation of Windows Media Player which could disclose sensitive information to attackers...



WMP creates internet shortcuts in the temporary internet files folder on the user's local system. These files are also created with 'fixed', known filenames.
The WMP created shortcuts are opened in Local Computer Zone rather than the Internet Zone. HTML opened in this Security Zone has the ability to read arbitrary files on the filesystem, as well as send data to webservers.

Microsoft has released a patch which rectifies this issue:


Microsoft Windows Media Player 6.4:

Microsoft patch WMSU47357

Download

Microsoft Windows Media Player 7:

Microsoft upgrade mp71

Download


[Homepage]


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »