| VID |
28111 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The 892313 update for the Windows Media Player has not been installed. This update resolves newly-discovered flaws in Microsoft Windows Media Player 9 Series and in Windows Media Player 10 Series. One of these flaws could allow a remote attacker to infect the affected host with spyware. An attacker could exploit this flaw by crafting a malformed WMP file which will cause Windows Media Player to redirect the users to a rogue Web site when attempting to acquire a license to read the file.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.benedelman.org/news/010205-1.html
* Platforms Affected:
Microsoft Windows Media Player 9 Series
Microsoft Windows Media Player 10 Series
Microsoft Windows Any version |
| Recommendation |
Apply the appropriate patch (KB892313) for your system, as listed in Microsoft Article ID: 892313 at http://support.microsoft.com/kb/892313/ |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
