Security flaw touches Windows Media Player, IE

By Dawn Kawamoto
Posted on ZDNet News: Oct 18, 2005 2:23:00 PM

A "critical" flaw that affects both Microsoft's Windows Media Player and Internet Explorer has been uncovered, a security company reported late Monday.

The security flaw, which is found in the default installations of Media Player and the IE browser, could let attackers launch a remote execution of code, according to an advisory posted by eEye Digital Security.

Systems affected by the flaw include Windows XP with Service Pack 1 and Service Pack 2, Windows NT, Windows 2003 and Windows 2003 SP1, and all versions of Windows 2000.

Although eEye does not believe the vulnerability is "wormable," the company rated it "critical" because it could allow for a remote execution of code and affects installations of Media Player and IE at their default settings, an eEye representative said.

"The flaw can be exploited if the user opens a wrong file or goes to a wrong Web site," said Marc Maiffret, eEye's chief hacking officer. "Then the attacker can execute code as the user, who is viewing the file or Web site."

A Microsoft spokeswoman confirmed the software giant had received eEye's advisory, but noted that because details of the vulnerabilities were not made public, there haven't been any known attempts to exploit the flaws.

The Microsoft Security Response Center continues to investigate the report, the spokeswoman said.

The discovery of this latest flaw comes days after Microsoft issued an advisory that a security patch it released early last week contained problems that could, in some instances, lock people out of their PC. As part of its regular monthly patching schedule, Microsoft last week issued patches for 14 security flaws in Windows, one of which had the potential to be exploited by a major worm.

eEye noted that the latest vulnerability is not linked to any of the 14 security flaws patched last week.

SponsoredWhite Papers, Webcasts, and Downloads

Building the Virtualized Enterprise with VMware Infrastructure VMware This paper explains how adopting a virtual infrastructure -- comprised of server, storage, and networking virtualization technologies -- can help your organization build a sustainable competitive ... Download Now
Email Security and Archiving - Clearer in the Cloud Google The time is NOW for businesses and organizations of all sizes to implement ... Download Now
The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now

Talkback
Most Recent of 112 Talkback(s)

Thread View
Flat View

Loverock you're kidding right ,: I always thought you hated products if they weren't from microsoft . QuickTime an absolute great product from APPLE , and FireFox and Open Source browser . Do you use these products because you are af... (Read the rest); Posted by: I'm Ye, the MS SHILL . Posted on: 11/21/05 You are currently: a Guest | Log in | Terms of Use

Security flaw touches Windows Media Player, IE Loverock Davidson | 10/18/05

face the facts... Brakk Stein | 10/18/05

Facts faced Loverock Davidson | 10/18/05

Yer right, Rockhead, Windows doesn't suk ... Judas I. | 10/18/05

Cosidering the alternatives Window's the best John Zern | 10/18/05

When was the last time you tried Linux, John? Judas I. | 10/18/05

Program availability billeast@... | 10/18/05

wait a minute.... JoeMama_z | 10/18/05

drivel? Jeff the god of biscuits | 10/18/05

C'mon, YOU wait a minute, joemama. Judas I. | 10/19/05

Hey, billeast, ... Judas I. | 10/19/05

What would you call "a while back," Jeff the god? Judas I. | 10/19/05

Puleeze? JoeMama_z | 10/19/05

Aren't we TOUCHY, now, joemama. Judas I. | 10/19/05

Make that 2 days cburgess | 10/20/05

OButterball I'm Ye, the MS SHILL . | 11/21/05

You not to samart ... An_Axe_to_Grind | 10/18/05

Linux kendondarrell | 10/18/05

Actually I think asking someone that actually uses Linux Advocate | 10/18/05

Drop me a line... Linux User 147560 | 10/18/05

linux fedora xWeazelX | 10/18/05

Good thing there is Mozilla! osreinstall | 10/18/05

Only sucks in security cburgess | 10/20/05

Or better yet Michael Kelly | 10/18/05

Good in theory Loverock Davidson | 10/18/05

MPlayer for Windows Michael Kelly | 10/18/05

Firewall it Spoon Jabber | 10/19/05

Loverock you're kidding right , I'm Ye, the MS SHILL . | 11/21/05

I sure hope this was a cheap Mike Cox imitation post... BitTwiddler | 10/18/05

it wasn't! An_Axe_to_Grind | 10/18/05

This is an obvious V.O.W.E.L. exploit! zappattazz@... | 10/18/05

A security flaw in Media Player & IE ??? realitycheck101 | 10/18/05

If you're so smart Elekt | 10/18/05

Stop your crying... TheCrow_z | 10/18/05

LOL IceTheNet@... | 10/18/05

ROTFLMAO defconvegas | 10/18/05

Why? A_Pickle | 10/20/05

I challenge MS to write better code than michael_t | 10/18/05

You're an idiot. A_Pickle | 10/20/05

ASP.NET flaw cburgess | 10/20/05

Talk to lengua99 | 10/26/05

How embedded is it? IT_User | 10/18/05

Oops, recant IT_User | 10/18/05

Windows - not fit for purpose whisperycat | 10/18/05

They actually do pay people to shout others down? Michael Kelly | 10/18/05

you can't compare apples to oranges csa0307 | 10/18/05

Hmm, not a good scenario maldain | 10/18/05

Try again java.user | 10/18/05

The essential issue cburgess | 10/20/05

Yay, another lame analogy with made up nonsense. IT Scion | 10/18/05

Of course there is proof whisperycat | 10/19/05

Nothing but net cburgess | 10/20/05

This definitely gets a ebrke | 10/19/05

Mike COX in Trouble jimlascola | 10/18/05

Mike Cox Missing FEB_z | 10/18/05

Sighh.... techboy_z | 10/18/05

Ya Right IceTheNet@... | 10/18/05

Are you Nordic or Swedish? Spoon Jabber | 10/19/05

Legacy Software duclod | 10/19/05

Kinda suspected the source jwspicer@... | 10/18/05

if I could set it up as easily and quickly as the five Windows boxes??? ITSa341@... | 10/18/05

Or get Mepis on a disk s_gamgee | 10/19/05

Fedora cburgess | 10/20/05

Microsoft is the flaw... RyanJones | 10/18/05

Amen An_Axe_to_Grind | 10/18/05

Appreciation kendondarrell | 10/18/05

Flaws Bill22 | 10/18/05

Hackers are not the problem cburgess | 10/20/05

flaws and more astrospacerich@... | 10/18/05

Notice: to all MicroCox MCSEs techboy_z | 10/18/05

Knick-Knacks IceTheNet@... | 10/18/05

always going to be probable erniem1970@... | 10/18/05

Thank goodness you only use Helix Boot_Agnostic | 10/18/05

WMP & IE Flaw wadeprater | 10/18/05

WMP & IE Flaw joan3316 | 10/18/05

RE: Again For You Who Don't Get It Krazyken39 | 10/18/05

Yes, it is about risk management Interfecus | 10/18/05

I hope Microsoft & Vista well too, but Krazyken39 | 10/19/05

Krazyken39 Hrothgar - PCLinuxOS User | 10/18/05

I ain't spell checking it insult as you see fit, Krazyken39 | 10/19/05

Surely not 20 years! Spoon Jabber | 10/19/05

Security flaw on Microsoft's PC's richard cornelius | 10/18/05

well u have lot's to learn IceTheNet@... | 10/18/05

And Gates' DRM... s_gamgee | 10/19/05

The competition Spoon Jabber | 10/19/05

Don't get me started on MACS Krazyken39 | 10/19/05

then you should know better cburgess | 10/20/05

Software can be secure and reliable sbailey_z | 10/20/05

Microsoft changes there name!!!!!! gamerzworld | 10/18/05

Microsoft's mentality bigbear77 | 10/18/05

RE: Microsoft's mentality by bigbear77 btljooz | 10/22/05

Micrpcrap, Microsucks, Micro-brains use it! RyanJones | 10/22/05

RE: Micrpcrap, Microsucks, Micro-brains use it! by Ryan Jones btljooz | 10/22/05

HA HA HA HA HA HA HA HA HA HA HA HA Cayble | 10/22/05

I am not surprised then michael_t | 10/24/05

Wow, given the flames on this forum... dsentman@... | 10/18/05

Your right IceTheNet@... | 10/18/05

Yep I second that......:) Krazyken39 | 10/19/05

Who needs excuses? Chad_z | 10/19/05

It does, indeed, seem... dsentman@... | 10/19/05

A single flaw... cburgess | 10/20/05

Let those without sin ... TonyMcS | 10/18/05

Oh dear, Eeye at it again..... Scrat | 10/18/05

Can someOUne explain to me how come there are SO many flaws in ie/ms window michael_t | 10/18/05

To answer the question, It's big, it's bloated and... Jazhawk | 10/18/05

Right, right and the poor man living in a sub-Saharan michael_t | 10/24/05

And there are still windoze users out there teckk@... | 10/18/05

Well thank goodness eEye is on the case. IT Scion | 10/18/05

I keep hearing people say... s_gamgee | 10/19/05

As circumstances change, only fully rigid code Boot_Agnostic | 10/19/05

Reality Check! cburgess | 10/20/05

RE: Reality Check! by matrixx btljooz | 10/20/05

What do you think?

White Papers, Webcasts, and Downloads

Building the Virtualized Enterprise with VMware Infrastructure VMware This paper explains how adopting a virtual infrastructure -- comprised of server, storage, and networking virtualization technologies -- can help your organization build a sustainable competitive ... Download Now
Email Security and Archiving - Clearer in the Cloud Google The time is NOW for businesses and organizations of all sizes to implement ... Download Now
The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now

Smartphones

Last year, many businesses deferred the purchase of new laptops in favor of smartphones, and why not? Offering phone, calendar, email, IM and Web access, they're arguably the most practical business tools. Check out the latest CNET Reviews of Blackberry devices for all the knowledge you need to make an intelligent choice.
Sleek. Thin. Light.
With its full keyboard and high-res screen, the BlackBerry® Curve™ 8900 is the perfect fit for your work and your life. Learn more

Security flaw touches Windows Media Player, IE

SponsoredWhite Papers, Webcasts, and Downloads

What do you think?

White Papers, Webcasts, and Downloads

Smartphones

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads