| VID |
28041 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The patch for a directory traversal vulnerability has not been applied to Windows Media Player. The vulnerability allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C). A flaw exists in the way the affected Windows Media Player versions handle the download of skin files. The flaw arises because a file masquerading as a skin file can be forced into a known location on a user's machine. An attacker may exploit this flaw to execute arbitrary code on the affected host with the privileges of the user running Windows Media Player. To exploit this flaw, an attacker would have to host a malicious web site containing a web page designed to exploit this particular vulnerability and then persuade a user to visit that site; the attacker has no way to force a user to the site. An attacker can also embed the link in an HTML e-mail and send it to the user.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References: http://www.microsoft.com/technet/security/bulletin/ms03-017.asp http://www.securiteam.com/windowsntfocus/5FP0B0AA0I.html http://marc.theaimsgroup.com/?l=bugtraq&m=105232913516488&w=2 http://marc.theaimsgroup.com/?l=ntbugtraq&m=105233960728901&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=105240528419389&w=2
* Platforms Affected: Windows Media Player 7.1 on Win98, Win98SE, WinME, Win2k; Windows Media Player for XP (Version 8.0) on WinXP |
| Recommendation |
Apply the appropriate patch for your system, available from Microsoft's download web site.
For Microsoft Windows Media Player 7.1: http://microsoft.com/downloads/details.aspx?FamilyId=012F143A-77D1-4F6F-9338-5A6332614532&displaylang=en
For Microsoft Windows Media Player for Windows XP (Version 8.0): http://microsoft.com/downloads/details.aspx?FamilyId=E311DF50-0633-4100-AB37-D7A68D51182F&displaylang=en
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update web site, http://windowsupdate.microsoft.com. Windows Update detects which version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2003-0228 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
11953 (ISS) |
|