On TechRepublic: Five super-secret features in Windows 7
BNET Business Network:
BNET
TechRepublic
ZDNet
112 TalkBacks

By Dawn Kawamoto
Posted on ZDNet News: Oct 18, 2005 2:23:00 PM

A "critical" flaw that affects both Microsoft's Windows Media Player and Internet Explorer has been uncovered, a security company reported late Monday.

The security flaw, which is found in the default installations of Media Player and the IE browser, could let attackers launch a remote execution of code, according to an advisory posted by eEye Digital Security.

Systems affected by the flaw include Windows XP with Service Pack 1 and Service Pack 2, Windows NT, Windows 2003 and Windows 2003 SP1, and all versions of Windows 2000.

Although eEye does not believe the vulnerability is "wormable," the company rated it "critical" because it could allow for a remote execution of code and affects installations of Media Player and IE at their default settings, an eEye representative said.

"The flaw can be exploited if the user opens a wrong file or goes to a wrong Web site," said Marc Maiffret, eEye's chief hacking officer. "Then the attacker can execute code as the user, who is viewing the file or Web site."

A Microsoft spokeswoman confirmed the software giant had received eEye's advisory, but noted that because details of the vulnerabilities were not made public, there haven't been any known attempts to exploit the flaws.

The Microsoft Security Response Center continues to investigate the report, the spokeswoman said.

The discovery of this latest flaw comes days after Microsoft issued an advisory that a security patch it released early last week contained problems that could, in some instances, lock people out of their PC. As part of its regular monthly patching schedule, Microsoft last week issued patches for 14 security flaws in Windows, one of which had the potential to be exploited by a major worm.

eEye noted that the latest vulnerability is not linked to any of the 14 security flaws patched last week.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 112 Talkback(s)
Loverock you're kidding right ,
I always thought you hated products if they weren't from microsoft . QuickTime an absolute great product from APPLE , and FireFox and Open Source browser . Do you use these products because you are af... (Read the rest)
Posted by: I'm Ye, the MS SHILL . Posted on: 11/21/05 You are currently: a Guest | | Terms of Use
Security flaw touches Windows Media Player, IE  Loverock Davidson | 10/18/05
face the facts...  Brakk Stein | 10/18/05
Facts faced  Loverock Davidson | 10/18/05
Yer right, Rockhead, Windows doesn't suk ...  Judas I. | 10/18/05
Cosidering the alternatives Window's the best  John Zern | 10/18/05
When was the last time you tried Linux, John?  Judas I. | 10/18/05
Program availability  billeast@... | 10/18/05
wait a minute....  JoeMama_z | 10/18/05
drivel?  Jeff the god of biscuits | 10/18/05
C'mon, YOU wait a minute, joemama.  Judas I. | 10/19/05
Hey, billeast, ...  Judas I. | 10/19/05
What would you call "a while back," Jeff the god?  Judas I. | 10/19/05
Puleeze?  JoeMama_z | 10/19/05
Aren't we TOUCHY, now, joemama.  Judas I. | 10/19/05
Make that 2 days  cburgess | 10/20/05
OButterball  I'm Ye, the MS SHILL . | 11/21/05
You not to samart ...  An_Axe_to_Grind | 10/18/05
Linux  kendondarrell | 10/18/05
Actually I think asking someone that actually uses  Linux Advocate | 10/18/05
Drop me a line...  Linux User 147560 | 10/18/05
linux fedora  xWeazelX | 10/18/05
Good thing there is Mozilla!  osreinstall | 10/18/05
Only sucks in security  cburgess | 10/20/05
Or better yet  Michael Kelly | 10/18/05
Good in theory  Loverock Davidson | 10/18/05
MPlayer for Windows  Michael Kelly | 10/18/05
Firewall it  Spoon Jabber | 10/19/05
Loverock you're kidding right ,  I'm Ye, the MS SHILL . | 11/21/05
I sure hope this was a cheap Mike Cox imitation post...  BitTwiddler | 10/18/05
it wasn't!  An_Axe_to_Grind | 10/18/05
This is an obvious V.O.W.E.L. exploit!  zappattazz@... | 10/18/05
A security flaw in Media Player & IE ???  realitycheck101 | 10/18/05
If you're so smart  Elekt | 10/18/05
Stop your crying...  TheCrow_z | 10/18/05
LOL  IceTheNet@... | 10/18/05
ROTFLMAO  zzz1234567890 | 10/18/05
Why?  A_Pickle | 10/20/05
I challenge MS to write better code than  michael_t | 10/18/05
You're an idiot.  A_Pickle | 10/20/05
ASP.NET flaw  cburgess | 10/20/05
Talk to  lengua99 | 10/26/05
How embedded is it?  IT_User | 10/18/05
Oops, recant  IT_User | 10/18/05
Windows - not fit for purpose  whisperycat | 10/18/05
They actually do pay people to shout others down?  Michael Kelly | 10/18/05
you can't compare apples to oranges  csa0307 | 10/18/05
Hmm, not a good scenario  maldain | 10/18/05
Try again  java.user | 10/18/05
The essential issue  cburgess | 10/20/05
Yay, another lame analogy with made up nonsense.  IT Scion | 10/18/05
Of course there is proof  whisperycat | 10/19/05
Nothing but net  cburgess | 10/20/05
This definitely gets a  ebrke | 10/19/05
Mike COX in Trouble  jimlascola | 10/18/05
Mike Cox Missing  FEB_z | 10/18/05
Sighh....  techboy_z | 10/18/05
Ya Right  IceTheNet@... | 10/18/05
Are you Nordic or Swedish?  Spoon Jabber | 10/19/05
Legacy Software  duclod | 10/19/05
Kinda suspected the source  jwspicer@... | 10/18/05
if I could set it up as easily and quickly as the five Windows boxes???  ITSa341@... | 10/18/05
Or get Mepis on a disk  s_gamgee | 10/19/05
Fedora  cburgess | 10/20/05
Microsoft is the flaw...  RyanJones | 10/18/05
Amen  An_Axe_to_Grind | 10/18/05
Appreciation  kendondarrell | 10/18/05
Flaws  Bill22 | 10/18/05
Hackers are not the problem  cburgess | 10/20/05
flaws and more  astrospacerich@... | 10/18/05
Notice: to all MicroCox MCSEs  techboy_z | 10/18/05
Knick-Knacks  IceTheNet@... | 10/18/05
always going to be probable  erniem1970@... | 10/18/05
Thank goodness you only use Helix  Boot_Agnostic | 10/18/05
WMP & IE Flaw  wadeprater | 10/18/05
WMP & IE Flaw  joan3316 | 10/18/05
RE: Again For You Who Don't Get It  Krazyken39 | 10/18/05
Yes, it is about risk management  Interfecus | 10/18/05
I hope Microsoft & Vista well too, but  Krazyken39 | 10/19/05
Krazyken39  Hrothgar - PCLinuxOS User | 10/18/05
I ain't spell checking it insult as you see fit,  Krazyken39 | 10/19/05
Surely not 20 years!  Spoon Jabber | 10/19/05
Security flaw on Microsoft's PC's  richard cornelius | 10/18/05
well u have lot's to learn  IceTheNet@... | 10/18/05
And Gates' DRM...  s_gamgee | 10/19/05
The competition  Spoon Jabber | 10/19/05
Don't get me started on MACS  Krazyken39 | 10/19/05
then you should know better  cburgess | 10/20/05
Software can be secure and reliable  sbailey_z | 10/20/05
Microsoft changes there name!!!!!!  gamerzworld | 10/18/05
Microsoft's mentality  bigbear77 | 10/18/05
RE: Microsoft's mentality by bigbear77  btljooz | 10/22/05
Micrpcrap, Microsucks, Micro-brains use it!  RyanJones | 10/22/05
RE: Micrpcrap, Microsucks, Micro-brains use it! by Ryan Jones  btljooz | 10/22/05
HA HA HA HA HA HA HA HA HA HA HA HA  Cayble | 10/22/05
I am not surprised then  michael_t | 10/24/05
Wow, given the flames on this forum...  dsentman@... | 10/18/05
Your right  IceTheNet@... | 10/18/05
Yep I second that......:)  Krazyken39 | 10/19/05
Who needs excuses?  Chad_z | 10/19/05
It does, indeed, seem...  dsentman@... | 10/19/05
A single flaw...  cburgess | 10/20/05
Let those without sin ...  TonyMcS | 10/18/05
Oh dear, Eeye at it again.....  Scrat | 10/18/05
Can someOUne explain to me how come there are SO many flaws in ie/ms window  michael_t | 10/18/05
To answer the question, It's big, it's bloated and...  Jazhawk | 10/18/05
Right, right and the poor man living in a sub-Saharan  michael_t | 10/24/05
And there are still windoze users out there  teckk@... | 10/18/05
Well thank goodness eEye is on the case.  IT Scion | 10/18/05
I keep hearing people say...  s_gamgee | 10/19/05
As circumstances change, only fully rigid code  Boot_Agnostic | 10/19/05
Reality Check!  cburgess | 10/20/05
RE: Reality Check! by matrixx  btljooz | 10/20/05

What do you think?

SmartPlanet

Click Here