chiawaikian Posted February 19, 2006

As was widely predicted earlier in the week, exploits have already appeared for one of the vulnerabilities rated critical and patched by Microsoft on Tuesday 14th. Two "proof of concept" pieces of code were posted on the Bugtraq list and, according to experts, are "minutes or days away from being completed".

The vulnerability itself stems from a problem in the way many releases of the Microsoft Media Player (from version 7.1 up to 10) handle bitmap image files. This potentially allows an attacker to exploit arbitrary code on the victim machine and gain full control over it. The way in which this vulnerability can be exploited is very similar to the recent WMF issue. All that is needed from the user is to open a specially constructed bitmap file with the Media Player.

Microsoft has claimed that it is quite unlikely that the Media Player would be configured to do that. However they also concede that many users will have Internet Explorer launch automatically in order to view different types of online media content. Attackers can exploit this configuration, and it appears that they are very close to unleashing malware based on this exploit on unpatched users.

In recent weeks it has been highlighted that the speed with which attackers rustle up new exploits seems to be increasing in a race with software creators like Microsoft, who have also speeded up when releasing patches for new vulnerabilities. Attackers are so keen to use every opportunity that they even release exploits for flaws that are already patched, hoping to catch out users who have not heeded the advice to immediately install critical updates. This means that even though there is generally a lesser time gap between the publication of a vulnerability and a patch for it appearing, it is offset by the equally smaller time gap between publication and the appearance of exploits for the flaw.

Any users who have not yet patched their systems for the Media Player bitmap vulnerability should do so immediately. The patch can be downloaded from Microsoft TechNet or via the automatic update facility.

Source: http://www.viruslist.com/en/news?id=180268032

krit86lr Posted February 19, 2006

Why would WMP handle a bitmap image?

Windows Pro Media 8.1 x64 | 8GB Ram | 500G HDD 7200 RPM | All that I know about my graphics is that it's Intel

Capman Posted February 19, 2006

It is not so much saying that WMP would be exploited directly by the use of bitmap images, but more by the fact that when WMP uses IE to connect to online resources then the bitmaps that are possibly displayed could have a detrimental effect in collaboration with IE's and WMP's vulnerabilities to allow malicious code to be downloaded to a user's computer.

krit86lr Posted February 19, 2006

> It is not so much saying that WMP would be exploited directly by the use of bitmap images, but more by the fact that when WMP uses IE to connect to online resources then the bitmaps that are possibly displayed could have a detrimental effect in collaboration with IE's and WMP's vulnerabilities to allow malicious code to be downloaded to a user's computer.

What bitmaps? Videos, etc...?

lokoike Posted February 19, 2006

> What bitmaps? Videos, etc...?

The only bitmap I can think of is the picture of your album cover that will display if you find your CD information on the web. That is a bitmap image.

Save a tree, eat a beaver. Save a tree, wipe with an owl. Every time a bell rings, a thread gets hijacked! ding, ding! Give Andavari lots of money and maybe even consider getting K a DVD-RW drive. If it's not Scottish, IT'S CRAP!!!

krit86lr Posted February 19, 2006

> The only bitmap I can think of is the picture of your album cover that will display if you find your CD information on the web. That is a bitmap image.

That's that then. This thread has solved my security issue. No mas WMP.