There is a new vulnerability in the ubiquitous Windows Media Player that could enable an attacker to execute code on the machine of a user who downloads a skin for the player.
When users download new skins—or user interfaces—for the Windows Media Player, the files are automatically saved to the players “Skins” file folder. As protection against some attacks, WMP introduces a random element into the name of the file so that attackers cant guess the exact name of downloaded skins. However, its possible to get around this measure by inserting a specific character into the URL of the skin.
This flaw allows an attacker to choose the exact download location of the skin, or alternately, a malicious file disguised as a skin. The most likely scenarios for exploiting this vulnerability are an attacker building a Web page specifically designed to carry such malicious files and either luring visitors to the site or sending them the link an HTML mail message.
It is by no means a stretch to imagine such an attack, especially considering the fact that there are thousands of sites on the Internet that house WMP skin files. Although Microsoft Corp. develops some of its own skins, users all over the world design their own as well and encourage others to download and share the files.
The vulnerability affects WMP 7.0 and WMP for XP, also known as 8.0. The patch for the flaw is available here.
Latest Security News:
Search for more stories by Dennis Fisher.
Find white papers on security.