Windows Media Player 7.1: Patch for Cache Disclosure, Privilege Elevation, and Script Vulnerabilities

Change Language:
Microsoft has released a patch that eliminates three security vulnerabilities in Microsoft® Windows Media™ Player 7.1.
  • Version:


    File Name:


    Date Published:


    File Size:

    1.3 MB

      Microsoft has released a patch that eliminates three security vulnerabilities in Microsoft® Windows Media™ Player 7.1. One is a Cache Disclosure vulnerability via Windows Media Player. The second is a Privilege Elevation vulnerability through Windows Media Device Manager Service. The third is a Media Playback Script Invocation vulnerability.
  • Supported Operating Systems:

    Windows 2000, Windows 98, Windows ME

      • Windows Media Player 7.1
      1. Click the Download link to start the download, or choose a different language from the drop-down list and click Go.
      2. Do one of the following:
        • To start the installation immediately, click Open or Run this program from its current location.
        • To copy the download to your computer for installation at a later time, click Save or Save this program to disk.
    • This is a cumulative patch that includes the functionality of all previously released patches for Windows Media Player 6.4, 7.1 and Windows Media Player for Windows XP. In addition, it eliminates the following three newly discovered vulnerabilities one of which is rated as critical severity, one of which is rated moderate severity, and the last of which is rated low severity:
      • An information disclosure vulnerability that could provide the means to enable an attacker to run code on the user's system and is rated as critical severity.
      • A privilege elevation vulnerability that could enable an attacker who can physically logon locally to a Windows 2000 machine and run a program to obtain the same rights as the operating system.
      • A script execution vulnerability related that could run a script of an attacker's choice as if the user had chosen to run it after playing a specially formed media file and then viewing a specially constructed web page. This particular vulnerability has specific timing requirements that makes attempts to exploit vulnerability difficult and is rated as low severity.
      • It also introduces a configuration change relating to file extensions associated with Windows Media Player. Finally, it introduces a new, optional, security configuration feature for users or organizations that want to take extra precautions beyond applying IE patch MS02-023 and want to disable scripting functionality in the Windows Media Player for versions 7.x or higher.

Popular Downloads

Loading your results, please wait...

Free PC updates

  • Security patches
  • Software updates
  • Service packs
  • Hardware drivers