Attack code out for latest Microsoft flaw

By Greg Sandoval
Posted on ZDNet News: Feb 17, 2006 2:55:00 AM

Two examples of computer code that exploit a flaw in Windows Media Player have become available only days after Microsoft released a patch to fix the bug.

The "proof-of-concept" exploits that take advantage of a flaw in the media player were posted on the Web over the past couple of days. The flaw, rated "critical" by Microsoft, could enable an attacker to seize control of a vulnerable computer system.

The appearance of proof-of concept code is usually a sign that actual attacks are not far off. Microsoft, when it released its patch Tuesday, urged users to upgrade their systems as soon as possible.

Microsoft recently issued patch MS06-005 as part of its monthly security update. The vulnerability in Windows Media Player can compromise a system through malicious images embedded in the player.

Versions of Windows Media Player affected by the bug include 7.1 through 10. The vulnerability was also tagged as "critical" by the French Security Incident Response Team, or FrSIRT, a research outfit that published one of the two exploits.

Microsoft announced the release of seven fixes on Tuesday, including a "critical" patch for a Windows Meta File vulnerability in Internet Explorer. It exists only in IE 5.01 with Service Pack 4 on Windows 2000 and IE 5.5 with Service Pack 2 on Windows ME, Microsoft said in the security advisory.

SponsoredWhite Papers, Webcasts, and Downloads

Talkback
Most Recent of 71 Talkback(s)

Thread View
Flat View

Message has been deleted.: (Read the rest); Posted by: Anton Philidor Posted on: 02/17/06 (Edited: 03/10/2006 @ 06:40) You are currently: Logged In | Log out

I've already patched, so I'm good to go. Grayson Peddie | 02/17/06

Message has been deleted. Nix_0S_Fan | 02/17/06

unlike this witty post corticus | 02/17/06

Are you 12 years old? balsover | 02/17/06

Message has been deleted. Nix_0S_Fan | 02/17/06

You need a hobby Shelendrea | 02/17/06

Ha! I dont get it and its still funny! Cayble | 02/17/06

And your post makes you look dignified by comparison? HypnoToad | 02/17/06

Help me understand......You're not a stroke how? chrislovesdana | 02/17/06

Patched it Hmm! Well I one up'ed you IceTheNet@... | 02/17/06

I'd like to know more just for accuracy sake... bob2cam | 02/17/06

Chicken or Egg? Mr. Roboto | 02/17/06

Attack code out for latest Microsoft flaw Loverock Davidson | 02/17/06

Sure, when you pay them enough. olePigeon | 02/17/06

Pay them? Loverock Davidson | 02/17/06

I love it too, Loverock! Grayson Peddie | 02/18/06

You will never get djc1309@... | 02/17/06

If I were managing a thousand computers georgep_z | 02/17/06

If you were managing Loverock Davidson | 02/17/06

If you were managing anything I'm Ye, the MS SHILL . | 02/17/06

and it's a shame Shelendrea | 02/17/06

Yeah! Loverock Davidson | 02/17/06

didn't say there was Shelendrea | 02/17/06

LOL Loverock Davidson | 02/17/06

LOL indeed mdsmedia | 02/18/06

You have no idea what you're talking about Chad_z | 02/17/06

I do, you don't Loverock Davidson | 02/17/06

it's apparent you aren't enterprise material... Monkey_MCSE | 02/17/06

I think I am thanks Loverock Davidson | 02/17/06

you are truely amusing sometimes... Monkey_MCSE | 02/19/06

Loverock, don't listen to Linux fools. Grayson Peddie | 02/19/06

Loverock you're good at saying nothing mdsmedia | 02/18/06

rude Shelendrea | 02/17/06

Not Rude when you are correct djc1309@... | 02/17/06

No it's rude Shelendrea | 02/17/06

Walter: Am I wrong? Code Poet | 02/17/06

Your unamed "recent article" LoCal | 02/17/06

Important info left out Loverock Davidson | 02/17/06

You still haven't named your "recent study". LoCal | 02/18/06

WSUS jhunt302 | 02/17/06

Well, your a wee bit out of touch then Cayble | 02/17/06

I manage over 1,000 Suicida| | 02/17/06

Why do they allow this? marbing@... | 02/17/06

You really dont know??? Cayble | 02/17/06

you're right Shelendrea | 02/17/06

Its all about techno-economics corticus | 02/17/06

Really? NonZealot | 02/17/06

Worse, big companies have hijacked Linux for their own wants. HypnoToad | 02/17/06

Wrong bhodges00 | 02/17/06

Apple richer than MS? hmmm... corticus | 02/17/06

Sorry if you read into it wrong. bhodges00 | 02/17/06

Umm no Rick_K | 02/20/06

you forgot something Code Poet | 02/17/06

It only seems that way. Suicida| | 02/17/06

Please... TheCrow_z | 02/17/06

it wouldn't be fixed Scott W | 02/17/06

In other news, rain starts just after umbrellas invented marksashton | 02/17/06

Absolutly Cayble | 02/17/06

Automatic if you want to take blind chances. HypnoToad | 02/17/06

Not really Suicida| | 02/17/06

they don't corticus | 02/17/06

reference corticus | 02/17/06

Sometimes I wonder.... Betelgeuse58 | 02/17/06

Damn, Another Reboot! nikoli | 02/17/06

Okay, I apologize, you bad guys go back to messing with Mac Chat Boot_Agnostic | 02/17/06

Message has been deleted. Anton Philidor | 02/17/06

And in a follow-up announcement... JDThompson | 02/17/06

Clueless Coalition disbanded. Anton Philidor | 02/17/06

LOL!!!!!!!!! george_ou | 02/19/06

What to do toodevastate | 02/17/06

CEO's read? Shelendrea | 02/20/06

What do you think?

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SponsoredWhite Papers, Webcasts, and Downloads

BNET Industries
Check out BNET's newest resource for managers and executives. Need to do research on your competitors? Don't have time to read every trade pub? BNET Industries is the new source for daily news, insights, and research on 11 major industries and 9,000 public companies.
The technology industry from a different angle
See what's hot in the auto industry
Stay on top of the energy industry