Security flaw discovered in Windows Media Player 7

GFI SecurityLabs > News 2000 > Security flaw discovered in Windows Media ...

Can be blocked by mail essentials email content checking gateway

London, UK, 23 November 2000 - GFI, developer of email content checking & network security software, has discovered a security flaw within Windows Media Player 7 which allows a malicious user to run arbitrary code on a victim's machine as it attempts to view a web site or an HTML email. GFI has notified Microsoft Corp., which issued an advisory (Microsoft security Bulletin number MS00-090).

Windows Media Player 7 is included by default on Windows Millennium Editions and is available from Microsoft for free. It includes skinning capabilities that allow it to change interface. GFI has found that this can be exploited to execute code on remote machines.

"The exploit works simply by opening an email on a machine which includes Windows Media Player 7 and on which HTML scripts are allowed, or by browsing a malicious site," warned GFI security engineer, Sandro Gauci.

"This security problem is exploited by embedding a JavaScript (.js) file within a Media Player skin file (.wmz) which can also be embedded in a Windows Media Download file (.wmd). This does not require the user to run any attachments since the Media Player file is automatically executed using an iframe tag or a window.open() with in a

About GFI
GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. Founded in 1992, GFI has offices in Malta, London, Raleigh, Hong Kong, and Adelaide which support more than 200,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners throughout the world. GFI is also a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.

All product and company names herein may be trademarks of their respective owners.

	Editors, apply for a product review pack here!

	Subscribe to GFI news! Receive GFI security & product news/tips, sent monthly.

	GFI product brochure Find out more about GFI's product range!

Check out GFI's product range


>	GFI MailEssentials for Exchange/SMTP

>	GFI MailSecurity for Exchange/SMTP

>	GFI MailArchiver for Exchange

>	GFI FAXmaker for Exchange/SMTP

>	GFI LANguard Network Security Scanner

>	GFI EventsManager

>	GFI EndPointSecurity

>	GFI Network Server Monitor

>	GFI WebMonitor for ISA Server

© 2008. All rights reserved. GFI Software	Home Products Download trials Support Ordering Site map About us Contact us
GFI solutions: Exchange anti spam filter - exchange anti virus - isa server - network vulnerability scanner - event log management - USB security software - exchange archiving - fax server software

Products

Product overviews

Products brochure

Anti-spam

Exchange anti-virus

Email archiving

Fax server

Security scanning

Event log monitoring

Portable storage control

Network monitoring

ISA Server anti-virus

PCI compliance

Downloads

Ordering

Pricing

How to buy

Sales & orders FAQ

Order now!

Support

Company

About us

Contact us

Offices

GFI SecurityLabs

News

Awards

Careers

Subscribe to GFI news!