Pastimes : Computer Learning

To: mr.mark, who started this subject
From: mr.mark
Date: 5/26/2001 7:23:05 AM
 
ah, sweet 20k....grub grub grub

Microsoft fixes security flaws in Windows Media Player

By Sam Costello
May 24, 2001 7:24 am PT

MICROSOFT ISSUED ITS second security warning and patch of the week when it
acknowledged and offered a fix for two flaws in Windows Media Player Wednesday. The
flaws affect Windows Media Player 6.4 and 7 and can allow an attacker to run programs
and read, modify, or delete files on a user's computer.

The first, and more serious, flaw is the result of a problem in the way Windows Media
Player handles the .ASX, or Active Stream Redirector, files that are used in finding and
playing streaming media and in using play lists, Microsoft said. Due to a flaw in the
memory buffer that deals with .ASX files, a special sequence of code could allow an
attacker to make the same changes to a machine that the user could, including deleting
files and running programs.

The attack code could be embedded in an HTML e-mail sent to a user or, more seriously,
could also be made to execute whenever a user visits a Web page. In the first case the
user would have to open the HTML file in order for the attack to work, but in the second
the user need only visit the Web page. Once the attack occurs, the attacker would gain all
the privileges the user had.

The second problem, which results from the way Windows Media Player handles Internet
shortcuts, can allow an attacker to view files on the user's computer but not modify or
delete them. This comes about because Internet shortcuts are supposed to be created in
Internet Explorer's cache folder -- a repository of reusable, Web-related items -- but
Windows Media Player instead creates them in the Temporary Files folder. An attack
against the second flaw would also employ HTML code in the same way as the first, but this
time using the code to create a shortcut in the Temporary Files folder, which would only
give the attacker the ability to read files on the machine. However, such an attack is
difficult, because the attacker needs to know the exact filename and location of the desired
file, Microsoft said.

The patch also fixes a privacy flaw that allows for the collection of user data which, though
it would not identify the user by name, could be collected into a user profile.

Users ought to apply the patch to Windows Media Player 6.4, but for Version 7, they ought
to upgrade to Version 7.1, Microsoft said.

The flaws in Windows Media Player were disclosed only one day after Microsoft issued a
patch for its Word application, which allowed small programs, called macros, to execute
some unauthorized changes within Word. These bulletins marked Microsoft's sixth and
seventh for May, which is roughly the average number of monthly security bulletins issued
by the company and down slightly from the end of 2000.

[Sam Costello is a Boston-based correspondent for the IDG News Service, an InfoWorld
affiliate.]

idg.net