Microsoft Media Player contains a vulnerability in the parsing of "Skin Files" that may permit a remote attacker to download arbitrary files to a known location on the local system.
Microsoft Media Player is an application that plays various types of media files. The user can customize the appearance of Microsoft's Media Player through the use of skin files. Skin files can be created and downloaded from the Internet. Microsoft's Media Player uses XML to determine the location of these files.
A directory traversal vulnerability exists in Microsoft Media Player 7.1 (for Windows 98, 98SE, ME, 2000) and 8.0 (Windows XP) when parsing of an XML file specifying the location of a skin file. The XML parser fails to recognize hex encoded characters that can permit an attacker to exit the temporary directory, and place files in a known location on the system.
A remote attacker may be able to download arbitrary files to the system in a known location. If the file is placed in the "Start Up" folder, or used in conjunction with other vulnerabilities (such as VU#626395, VU#25249 or VU#489721), the attacker may then be able to execute arbitrary code on the system.
Microsoft has released patches for versions 7.1 and 8.0 in MS03-017 to address this issue.
Microsoft Media Player 9 is not affected by this vulnerability.
Thanks to Jouko Pynnonen for reporting this vulnerability and Microsoft for addressing this issue.
This document was written by Jason A Rafail.
|Date First Published:||2003-05-07|
|Date Last Updated:||2003-05-15 15:57 UTC|