Windows Media Player 7.1: Patch for Cache Disclosure, Privilege Elevation, and Script Vulnerabilities
Brief Description
Microsoft has released a patch that eliminates three security vulnerabilities in Microsoft® Windows Media™ Player 7.1.
On This Page
Quick Details
| File Name: | wm320920_71.exe |
| Version: | 1 |
| Date Published: | 6/26/2002 |
| Language: | English |
| Download Size: | 1.3 MB |
| Estimated Download Time: | 4 min 56K |
|
| Change Language: | |
Overview
Microsoft has released a patch that eliminates three security vulnerabilities in Microsoft® Windows Media™ Player 7.1. One is a Cache Disclosure vulnerability via Windows Media Player. The second is a Privilege Elevation vulnerability through Windows Media Device Manager Service. The third is a Media Playback Script Invocation vulnerability. 
Top of page
System Requirements
- Supported Operating Systems: Windows 2000; Windows 98; Windows ME
Top of page
Instructions
- Click the Download link to start the download, or choose a different language from the drop-down list and click Go.
- Do one of the following:
- To start the installation immediately, click Open or Run this program from its current location.
- To copy the download to your computer for installation at a later time, click Save or Save this program to disk.
Top of page
Additional Information
This is a cumulative patch that includes the functionality of all previously released patches for Windows Media Player 6.4, 7.1 and Windows Media Player for Windows XP. In addition, it eliminates the following three newly discovered vulnerabilities one of which is rated as critical severity, one of which is rated moderate severity, and the last of which is rated low severity:
- An information disclosure vulnerability that could provide the means to enable an attacker to run code on the user's system and is rated as critical severity.
- A privilege elevation vulnerability that could enable an attacker who can physically logon locally to a Windows 2000 machine and run a program to obtain the same rights as the operating system.
- A script execution vulnerability related that could run a script of an attacker's choice as if the user had chosen to run it after playing a specially formed media file and then viewing a specially constructed web page. This particular vulnerability has specific timing requirements that makes attempts to exploit vulnerability difficult and is rated as low severity.
- It also introduces a configuration change relating to file extensions associated with Windows Media Player. Finally, it introduces a new, optional, security configuration feature for users or organizations that want to take extra precautions beyond applying IE patch MS02-023 and want to disable scripting functionality in the Windows Media Player for versions 7.x or higher.
Top of page
Top of page
