SYMPTOMS
Microsoft has released a patch that eliminates two security vulnerabilities in Windows Media Player. These vulnerabilities may enable a malicious user to cause a program to run on another user's computer.
The two vulnerabilities discussed in this article are unrelated to each other except that they both affect Windows Media Player. They are packaged in one downloadable file to make it easier for you to apply. The vulnerabilities include:
- The ".asx Buffer Overrun" vulnerability. Windows Media Player supports Active Stream Redirector (.asx) files so that users can play streaming media that resides on intranet or Internet sites. However, the code that parses .asx files has an unchecked buffer that can allow a malicious user to run code on the computer of another user. The malicious user might either send an affected file to another user to run or preview, or the malicious user might host an affected file on a Web site and cause the file to run automatically when a user visits the site. The code can take any action on the computer that the legitimate user might take.
- The ".wms Script Execution" vulnerability. Windows Media Player 7 introduced a skins feature that allows customization of how Windows Media Player looks. However, a custom skin (.wms) file can potentially include script, which can run if the user runs Windows Media Player and selects that skin. A malicious user can either send a customized skin that contains script to another user, or the malicious user can host a customized skin on a Web site and cause it to run automatically when a user visits the site. Because the code can be located on the user's local computer, the code can run ActiveX controls, including ActiveX controls that are not marked as safe for scripting. When this occurs, the code can take any action on the computer that can be accomplished by using an ActiveX control.
RESOLUTION
Windows Media Player 7
NOTE: An updated package was released on February 12, 2000.
The following file is available for download from the Microsoft Download Center:
NOTE: This update also corrects the problem discussed in the following Microsoft Knowledge Base article:
287045 Patch Available for Windows Media Player Skins File Download Vulnerability
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
The English version of this fix should have the following file attributes or later:
Date        Time    Version     Size       File name
-------------------------------------------------------
02/06/2001  12:44p  7.0.0.1959    827,664  Wmpcore.dll
02/06/2001  12:51p  7.0.0.1959    348,432  Wmplayer.exe
02/06/2001  12:51p  7.0.0.1959  1,134,864  Wmpui.dll
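One way to check a computer against the Windows Media Player 7 file versions listed above. This is an added example, not part of the original article or a Microsoft tool. The function name and the search directories are assumptions, because the article does not state where the files are installed.

```powershell
# Minimum file versions, taken from the file attribute table in this article.
$MinimumVersions = @{
    'Wmpcore.dll'  = [version]'7.0.0.1959'
    'Wmplayer.exe' = [version]'7.0.0.1959'
    'Wmpui.dll'    = [version]'7.0.0.1959'
}

# Hypothetical helper name. Reports, per file, whether the installed version
# is at or above the version the article lists for the fix.
function Test-WmpFixVersion {
    param(
        # Assumption: likely install directories; pass your own if they differ.
        [string[]]$SearchPath = @(
            (Join-Path $env:ProgramFiles 'Windows Media Player'),
            (Join-Path $env:SystemRoot 'System32')
        )
    )

    foreach ($name in ($MinimumVersions.Keys | Sort-Object)) {
        $required = $MinimumVersions[$name]

        # Take the first directory that actually contains the file.
        $path = $SearchPath |
            ForEach-Object { Join-Path $_ $name } |
            Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
            Select-Object -First 1

        $found  = $null
        $status = 'NotFound'
        if ($path) {
            # Use the numeric version parts; the FileVersion string can
            # carry extra text that does not parse as a version.
            $vi = (Get-Item -LiteralPath $path).VersionInfo
            $found = New-Object System.Version -ArgumentList `
                $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
            $status = if ($found -ge $required) { 'AtOrAboveFix' } else { 'BelowFixVersion' }
        }

        [pscustomobject]@{
            File = $name; Path = $path; Found = $found
            Required = $required; Status = $status
        }
    }
}

Test-WmpFixVersion | Format-Table -AutoSize
```

The comparison applies only to the Windows Media Player 7 table; the article lists no file versions for the Windows Media Player 6.4 fix.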
Windows Media Player 6.4
The following file is available for download from the Microsoft Download Center:
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on secure servers that prevent any unauthorized changes to the file.