
Security Update for Windows XP Embedded with SP1 (817787)

This update addresses MS03-017: Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787) for Windows XP Embedded with SP1.
  • Details

    Note: There are multiple files available for this download. Once you click on the “Download” button, you will be prompted to select the files you need.
    Version: 1.1
    Date Published: 10/31/2003

    File name (file size):
    Additional_Info_Q817787.RTF (18 KB)
    Q817787_XPE_SP2_X86_ENU.EXE (381 KB)

    KB Articles: KB811279
    Security bulletins: MS03-017
      This is the Microsoft Windows XP Embedded with Service Pack 1 component update to address MS03-017: Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787).

      Microsoft Windows Media Player provides functionality to change the overall appearance of the player itself through the use of “skins”. Skins are custom overlays that consist of collections of one or more files of computer art, organized by an XML file. The XML file tells Windows Media Player how to use these files to display a skin as the user interface. In this manner, the user can choose from a variety of standard skins, each one providing an additional visual experience. Windows Media Player comes with several skins to choose from, but it is relatively easy to create and distribute custom skins.

      A flaw exists in the way Windows Media Player 7.1 and Windows Media Player for Windows XP handle the download of skin files. The flaw means that an attacker could force a file masquerading as a skin file into a known location on a user’s machine. This could allow an attacker to place a malicious executable on the system.

      In order to exploit this flaw, an attacker would have to host a malicious web site that contained a web page designed to exploit this particular vulnerability and then persuade a user to visit that site – an attacker would have no way to force a user to the site. An attacker could also embed the link in an HTML e-mail and send it to the user.

      In the case of an e-mail-borne attack, if the user was using Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or 2000 in conjunction with the Outlook Email Security Update, then an attack could not be automated and the user would still need to click on a URL sent in the e-mail. However, if the user was not using Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or 2000 in conjunction with the Outlook Email Security Update, the attacker could mount an attack that both places and then launches the malicious executable without the user having to click on a URL contained in an e-mail.

      The attacker's code would run with the same privileges as the user: any restrictions on the user's ability to change the system would apply to the attacker's code.

      YOU MAY NOT PROVIDE THIS UPDATE OR THE LOCATION (URL) OF THIS UPDATE TO ANY THIRD PARTIES.
  • System Requirements

    Supported Operating System

    Windows 2000, Windows Server 2003, Windows XP, Windows XP Embedded

  • Install Instructions

      Important: This QFE requires that the QFE "Repository look-up may cause incorrect files to be copied" (Q811279) be installed prior to this fix.

      1. Download Q817787_XPE_SP2_x86_ENU.exe from this page.
      2. Execute Q817787_XPE_SP2_x86_ENU.exe on a machine with the Windows XP Embedded with Service Pack 1 tools installed.
      This package will automatically import updated and new .sld files into the current database specified in Component Database Manager. It will also copy new binaries into the Windows XP Embedded with Service Pack 1 QFE Repository folder.

      Some of the .sld files may also require importing new repository objects. The new repositories will be created on the repository root holding the main Windows XP Embedded with Service Pack 1 repository. For information on moving repositories to other locations, see Moving a Repository in your Windows Embedded Studio documentation.

      After importing this update into your database, add one of the following components to your configuration(s) if you wish to use this update:

      • Windows Media Player 8.0 - Hotfix Q817787


      See Importing Components into the Database for more information.
