
Media Player exploit 'minutes or days away'


chiawaikian


As was widely predicted earlier in the week, exploits have already appeared for one of the vulnerabilities rated critical and patched by Microsoft on Tuesday 14th. Two "proof of concept" pieces of code were posted on the Bugtraq list and, according to experts, are "minutes or days away from being completed".

 

The vulnerability itself stems from a problem in the way many releases of the Microsoft Media Player (from version 7.1 up to 10) handle bitmap image files. This potentially allows an attacker to exploit arbitrary code on the victim machine and gain full control over it. The way in which this vulnerability can be exploited is very similar to the recent WMF issue. All that is needed from the user is to open a specially constructed bitmap file with the Media Player. Microsoft has claimed that it is quite unlikely that the Media Player would be configured to do that. However, they also concede that many users will have Internet Explorer launch automatically in order to view different types of online media content. Attackers can exploit this configuration, and it appears that they are very close to unleashing malware based on this exploit on unpatched users.

 

In recent weeks it has been highlighted that the speed with which attackers rustle up new exploits seems to be increasing in a race with software creators like Microsoft, who have also speeded up when releasing patches for new vulnerabilities. Attackers are so keen to use every opportunity that they even release exploits for flaws that are already patched, hoping to catch out users who have not heeded the advice to immediately install critical updates. This means that even though there is generally a lesser time gap between the publication of a vulnerability and a patch for it appearing, it is offset by the equally smaller time gap between publication and the appearance of exploits for the flaw.

 

Any users who have not yet patched their systems for the Media Player bitmap vulnerability should do so immediately. The patch can be downloaded from Microsoft TechNet or via the automatic update facility.

 

 

 

Source: http://www.viruslist.com/en/news?id=180268032


It is not so much saying that WMP would be exploited directly by the use of bitmap images, but more by the fact that when WMP uses IE to connect to online resources then the bitmaps that are possibly displayed could have a detrimental effect in collaboration with IE's and WMP's vulnerabilities to allow malicious code to be downloaded to a user's computer.


It is not so much saying that WMP would be exploited directly by the use of bitmap images, but more by the fact that when WMP uses IE to connect to online resources then the bitmaps that are possibly displayed could have a detrimental effect in collaboration with IE's and WMP's vulnerabilities to allow malicious code to be downloaded to a user's computer.

 

What bitmaps? Videos, etc...?

Windows Pro Media 8.1 x64  |  8GB Ram  |  500G HDD 7200 RPM  |  All  that I know about my graphics is that it's Intel  :)


What bitmaps? Videos, etc...?

 

The only bitmap I can think of is the picture of your album cover that will display if you find your CD information on the web. That is a bitmap image.

Save a tree, eat a beaver.

Save a tree, wipe with an owl.

 

Every time a bell rings, a thread gets hijacked!

ding, ding!

 

Give Andavari lots of money and maybe even consider getting K a DVD-RW drive.

 

If it's not Scottish, IT'S CRAP!!!


The only bitmap I can think of is the picture of your album cover that will display if you find your CD information on the web. That is a bitmap image.

 

That's that then. This thread has solved my security issue. No mas WMP. :(

Windows Pro Media 8.1 x64  |  8GB Ram  |  500G HDD 7200 RPM  |  All  that I know about my graphics is that it's Intel  :)
