PC Tools - Essential tools for your PC

Windows Media Player Skins File Download Vulnerability

A security vulnerability exists in Microsoft® Windows Media™ Player 7 which could potentially enable a malicious user to cause a program of his choice to run on another user’s computer.

Issue

Windows Media Player 7 introduced a feature called "skins" that allows customization of the look and feel of Windows Media Player. If a Windows Media Player skin (.WMZ) file were downloaded from a malicious web site, it could potentially be used to run Java code to read and browse files on a local machine. The vulnerability stems from the fact that "skins" are downloaded to a known location on a victim's computer and are stored in a .zip package. If the .zip package contained a Java class (.class) file, any Java code in this class could be executed under the local computer security zone.

If a Windows Media Player skin (.WMZ) file were downloaded from a malicious web site, it could potentially cause the deployment of zipped Java code to a known location on the visiting user’s machine. Since the Java code would reside in a known location on the machine, script hosted on a hostile web site or embedded in a hostile HTML mail message could potentially invoke the script in the local computer security zone to take arbitrary action on the user’s machine.
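As an added example (not part of the original advisory and not Microsoft's code), the following check inspects a skin package for the condition described above: a Java class file carried inside the .WMZ zip container. The function names, size cap and sample archives are constructed for illustration; the check assumes a .WMZ is a standard zip and relies on the `CAFEBABE` magic bytes that begin every compiled Java class, so a class file renamed to another extension is still reported.

```python
import io
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"        # first four bytes of a compiled Java class
ARCHIVE_EXTS = (".zip", ".jar", ".wmz")  # nested containers worth opening
MAX_NESTED = 10 * 1024 * 1024            # assumed cap: skip oversized nested archives

def find_java_classes(data, depth=0, prefix=""):
    """Return sorted names of Java class files inside a skin (.wmz) zip blob.
    Entries are flagged by .class extension or magic bytes; nested archives
    are followed two levels deep, unreadable entries are judged by name only."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits                      # not a zip at all: nothing to report
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            lower = info.filename.lower()
            try:
                with zf.open(info) as fh:
                    head = fh.read(4)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                head = b""               # encrypted or unsupported entry
            if lower.endswith(".class") or head == CLASS_MAGIC:
                hits.append(prefix + info.filename)
            elif (head and lower.endswith(ARCHIVE_EXTS) and depth < 2
                  and info.file_size <= MAX_NESTED):
                hits += find_java_classes(zf.read(info), depth + 1,
                                          prefix + info.filename + "!")
    return sorted(hits)

def build_zip(entries):
    """Build an in-memory zip from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: placeholder bytes, not real skins or real class files.
STUB = CLASS_MAGIC + b"\x00\x00\x00\x2e"
CLEAN_SKIN = build_zip({"skin.wms": b"<theme/>", "bg.bmp": b"BM\x00\x00"})
SUSPECT_SKIN = build_zip({"skin.wms": b"<theme/>", "art.dat": STUB,
                          "extra.zip": build_zip({"Payload.class": STUB})})
```

A non-empty result for any downloaded skin is a reason to quarantine the file, since a skin has no need to carry compiled Java code.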

Affected Products

  • Windows Media Player 7

Download

Patch: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27961

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: February 14, 2001
