Alert: Microsoft Security Bulletin - MS03-021

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 06/25/03

  • Next message: Russ: "Alert: Microsoft Security Bulletin - MS03-022" 
    Date:         Wed, 25 Jun 2003 13:10:47 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    http://www.microsoft.com/technet/security/bulletin/MS03-021.asp

    Flaw In Windows Media Player May Allow Media Library Access (819639)

    Originally posted: June 25, 2003

    Summary

    Who should read this bulletin: Customers running Microsoft Windows Media Player 9 Series

    Impact of vulnerability: Information Disclosure

    Maximum Severity Rating: Moderate

    Recommendation: System administrators install the patch on a schedule consistent with their practices.

    End User Bulletin: An end user version of this bulletin is available at:

    http://www.microsoft.com/security/security_bulletins/ms03-021.asp.

    Affected Software:
    - Microsoft Windows Media Player 9 SeriesNot Affected Software Versions:
    - Microsoft Windows Media Player 6.4
    - Microsoft Windows Media Player 7.1
    - Microsoft Windows Media Player for Windows XP (8.0)

    Technical description:

    An ActiveX control included with Windows Media Player 9 Series allows Web page authors to create Web pages that can play media and provide a user interface by which the user can control playback. When a user visits a Web page with embedded media, the ActiveX control provides a user interface that allows the user to take such actions as pausing or rewinding the media.

    A flaw exists in the way in which the ActiveX control provides access to information on the user's computer. A vulnerability exists because an attacker could invoke the ActiveX control from script code, which would allow the attacker to view and manipulate metadata contained in the media library on the user's computer.

    To exploit this flaw, an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability, and then persuade a user to visit that site-an attacker would have no way to force a user to the site. An attacker could also embed a link to the malicious site in an HTML e-mail and send it to the user. After the user previewed or opened the e-mail, the malicious site could be visited automatically without further user interaction.

    The attacker would only have access to manipulate the media library on the user's computer. The attacker would not be able to browse the user's hard disk and would not have access to passwords or encrypted data. The attacker would not be able to modify files on the user's hard disk, but could modify the contents of any Media Library entries associated with those files. The attacker might also be able to determine the user name of the logged-on user by examining the directory paths to media files.

    Mitigating factors:
    - By default, Internet Explorer on Windows Server 2003 runs in Enhanced Security Configuration. This default configuration of Internet Explorer blocks this attack.
    - The attacker could only gain access to information contained in the Windows Media Library
    - The attacker would not be able to execute code on the system or delete files on the user's hard disk.

    Vulnerability identifier: CAN-2003-0348

    This email is sent to NTBugtraq automatically as a service to my subscribers. (v1.18)

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!

    With a growth rate exceeding 110%, the TICSA security practitioner
    certification is one of the hottest IT credentials available. And now, for
    a limited time, you can save 33% off of the TICSA certification exam! To
    learn more about the TICSA certification, and to register as a TICSA
    candidate online, just go to

    http://www.trusecure.com/offer/s0100/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

  • Next message: Russ: "Alert: Microsoft Security Bulletin - MS03-022"

    Relevant Pages

    • Re: Microsoft Security Bulletin MS02-032
      ... I installed this patch today and after installing it, ... Microsoft Windows Media Player 6.4; ... > Bulletin MS02-032 ...
      (microsoft.public.security)
    • Microsoft Security Bulletin MS02-032 Update
      ... Microsoft Windows Media Player 6.4; ... Privilege Elevation; Script Invocation; Cache Patch Disclosure ... Bulletin MS01-056. ...
      (microsoft.public.security)
    • RE: 00040257
      ... Unable to Download the Appropriate Decompressor ... When you try to use Windows Media Player to play media files, ... Microsoft Windows Media Player 9 Series for Windows XP ...
      (microsoft.public.windowsmedia.server)
    • Microsoft Security Bulletin MS02-032
      ... Microsoft Windows Media Player 6.4; ... Privilege Elevation; Script Invocation; Cache Patch Disclosure ... Bulletin MS02-032 ...
      (microsoft.public.security)
    • Microsoft Security Bulletin MS03-017 - 817787
      ... Flaw in Windows Media Player Skins Downloading could allow Code ... Microsoft Windows Media Player 7.1; ... The Microsoft Security Response Center has released Microsoft Security ... Bulletin MS03-017 which concerns a vulnerability in Microsoft Windows Media ...
      (microsoft.public.security)