LINKS
INSTRUCTION
STRINGS
ACCESSORIES
MUSIC
| Visit Our Catalog at SteelGuitarShopper.com |

The Steel Guitar Forum

FAQ Search Join Private Messages Profile Log in


Post new topic Media Player exploit 'minutes or days away'
Reply to topic
Forum Index > Computers Next oldest topic :: Next newest topic
Author Topic:  Media Player exploit 'minutes or days away'
Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 17 Feb 2006 3:43 pm    
Reply with quote
Fw: Viruslist.com - News -
Media Player exploit 'minutes or days away'

17 Feb 2006

*****

As was widely predicted earlier in the week, exploits have already appeared for one of the vulnerabilities rated critical and patched by Microsoft on Tuesday 14th. Two "proof of concept" pieces of code were posted on the Bugtraq list and, according to experts, are "minutes or days away from being completed".

The vulnerability itself stems from a problem in the way many releases of the Microsoft Media Player (from version 7.1 up to 10) handle bitmap image files. This potentially allows an attacker to exploit arbitrary code on the victim machine and gain full control over it. The way in which this vulnerability can be exploited is very similar to the recent WMF issue. All that is needed from the user is to open a specially constructed bitmap file with the Media Player. Microsoft has claimed that it is quite unlikely that the Media Player would be configured to do that. However they also concede that many users will have Internet Explorer launch automatically in order to view different types of online media content. Attackers can exploit this configuration, and it appears that they are very close to unleashing malware based on this exploit on unpatched users.

In recent weeks it has been highlighted that the speed with which attackers rustle up new exploits seems to be increasing in a race with software creators like Microsoft, who have also speeded up when releasing patches for new vulnerabilities. Attackers are so keen to use every opportunity that they even release exploits for flaws that are already patched, hoping to catch out users who have not heeded the advice to immediately install critical updates. This means that even though there is generally a lesser time gap between the publication of a vulnerability and a patch for it appearing, it is offset by the equally smaller time gap between publication and the appearance of exploits for the flaw.

Any users who have not yet patched their systems for the Media Player bitmap vulnerability should do so immediately. The patch can be downloaded from Microsoft TechNet or via the automatic update facility.

[This message was edited by Wiz Feinberg on 17 February 2006 at 03:47 PM.]
View user's profile Send private message Send e-mail Visit poster's website
Forum Index > Computers Next oldest topic :: Next newest topic
Post new topic Reply to topic

All times are GMT - 8 Hours
Jump to:  
Please review our Forum Rules and Policies
Our Online Catalog
Strings, CDs, instruction, and steel guitar accessories
www.SteelGuitarShopper.com

The Steel Guitar Forum
148 S. Cloverdale Blvd.
Cloverdale, CA 95425 USA

Click Here to Send a Donation

Email SteelGuitarForum@gmail.com for technical support.


Powered by phpBB © 2001, 2005 phpBB Group

BIAB Styles
Ray Price Shuffles for Band-in-a-Box
by Jim Baron