|
 |
|
 |
| Tuesday, February 07, 2012
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
kevin |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
56 |
 |
People Online: |
 |
Visitors:
5 |
 |
Members:
0 |
 |
Total:
5 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 05/20/2002 1:39 PM |
|
| Microsoft has identified two security vulnerabilities in versions 6.4 and 7.0 of Windows Media Player. Windows Media Player is used to play a variety of audio and video files including MP3 files containing music, videos, and streaming media such as Webcasts.
Background
Windows Media Player is commonly installed with Internet Explorer, though it can be installed separately. Most modern computers come with it installed along with Internet Explorer.
There are two separate and unrelated exposures involved.
1) Both versions 6.4 and 7.0 are vulnerable to an unchecked buffer. In plain English, this means that a rogue MP3
or similar file can contain malicious code that can run on your computer. This code could, in theory, do
anything that you can do yourself, including deleting or corrupting files. It could also steal passwords and other
sensitive information and send it to the file's creator.
2) Version 7.0 allows you to add "skins" which change the appearance of Windows Media Player. Such "skins" can
contain script that can run other programs on your machine, including ActiveX controls that are not marked "safe
for scripting." In theory, this could allow the author of the malicious "skin" to do anything that you can do, including
deleting or corrupting files. The author could also use a "skin" to steal passwords or other sensitive data from your
computer.
What To Do
Since Windows Media Player is commonly used and may be called upon to process files from questionable sources, I strongly encourage you to download and install the patch for the version of Media Player that you have.
To determine what version of Windows Media Player you have, do the following.
1) Run Windows Media Player. If there is not an icon for it on your desktop, look in your Start menu
in the program group that contains Internet Explorer. Its icon looks like the little thing that you've seen
used to tell the people on stage that the cameras are rolling when they are making a movie.
2) Click on the Help menu, then choose "About Windows Media Player."
The dialog box will tell you which version of Windows Media Player you have.
If your version is lower than 6.4, you should upgrade to the latest version. You can use the "Check for newer version" item on the Help menu in Media Player or visit http://windowsupdate.microsoft.com to get your update. If you have Windows 98, you will be offered Windows Media Player 7.0. Otherwise, you will be offered version 6.4.
Once you have the upgrade installed, follow the appropriate link below to get the update which is fairly small, as such things go these days. Even if you just upgraded, I would go ahead and get the patch since I am not sure whether the patched version is available yet through the Windows Update server. It also appears from this announcement that the patch will not be on the Windows Update server until some time next month.
To get the patch:
- Windows Media Player 6.4:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26069
- Windows Media Player 7:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26067
In closing, I emphasize that you should exercise caution when downloading MP3 and other multimedia files and "skins" from any but the most reputable sources. Music and videos that use Windows Media Player can be a lot of fun; just be careful about where you obtain them.
Technical Details
For those who are interested, this notice is based on information in Microsoft Product Security Bulletin number MS00-090 which was published late yesterday afternoon. Microsoft has published a corresponding FAQ (Frequently Asked Questions) document at http://www.microsoft.com/technet/security/bulletin/fq00-090.asp.
This concludes this VirusWarn notice.
Lee Drake, Moderator |
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|