| VID |
28042 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Windows Media Player has not been applied the patch for a Media Library Access vulnerability.
An ActiveX control included with Windows Media Player 9 Series is a scriptable component invoked or controlled by script code, which is used for adding multimedia playback capabilities to Web pages. This vulnerability allows a remote attacker to view and manipulate metadata contained in the media library on the user's system, which contains information about media files,
because the Windows Media Player 9 Series ActiveX control does not properly validate requests made by script to access the Media Library. Successfully exploiting this vulnerability, a remote attacker will host a specially constructed web page or send a HTML E-Mail. It can provide the ActiveX control to access the media library by the attacker's script code when a user opens this page.
* References:
http://www.microsoft.com/technet/security/bulletin/ms03-021.asp
* Softwares Affected:
Microsoft Windows Media Player 9 Series |
| Recommendation |
Apply the patch for this vulnerability.
For Windows Media Player 9 Series:
1. Open the page http://microsoft.com/downloads/details.aspx?FamilyId=36814221-8194-4492-BB29-94DB3D4CB682&displaylang=en.
2. Choose your language from the drop-down list and Click <Go> button.
3. Click <Download> link to download the "WindowsMedia9-KB819639-x86-ENU.exe" file.
4. Install this patch on your system by running this file.
For Windows Media Player 9 Series on Windows Server 2003:
1. Open the page http://microsoft.com/downloads/details.aspx?FamilyId=82CD6192-15D8-4E28-9B14-F9B78FF01D8A&displaylang=en.
2. Choose your language from the drop-down list and Click <Go> button.
3. Click <Download> link to download the "WindowsMedia9-KB819639-x86-ENU.exe" file.
4. Install this patch on your system by running this file. |
| Related URL |
CVE-2003-0348 (CVE) |
| Related URL |
8034 (SecurityFocus) |
| Related URL |
(ISS) |
|
