MS03-017: Flaw in Windows Media Player Skins Downloading

Thanks everyone who made a post about this.

Microsoft Windows Media Player provides functionality to change the overall appearance of the player itself through the use of "skins". Skins are custom overlays that consist of collections of one or more files of computer art, organized by an XML file. The XML file tells Windows Media Player how to use these files to display a skin as the user interface. In this manner, the user can choose from a variety of standard skins, each one providing an additional visual experience. Windows Media Player comes with several skins to choose from, but it is relatively easy to create and distribute custom skins.

A flaw exists in the way Windows Media Player 7.1 and Windows Media Player for Windows XP handle the download of skin files. The flaw means that an attacker could force a file masquerading as a skin file into a known location on a user's machine. This could allow an attacker to place a malicious executable on the system.

Impact of vulnerability: Arbitrary code execution

Maximum Severity Rating: Critical

Affected Software:

  • Microsoft Windows Media Player 7.1

  • Microsoft Windows Media Player for Windows XP (Version 8.0)
  • Originally posted: May 7, 2003

    Download: Patch for Windows Media Player 7.1

    Download: Patch for Windows Media Player 8.0 (for WindowsXP)

    View: Microsoft TechNet - Microsoft Security Bulletin ID MS03-017

    Report a problem with article
    Next Article

    Mozilla 1.4 Beta Released

    Previous Article

    SimCity 4 Rush Hour Expansion Pack is in development

    Join the conversation!

    Login or Sign Up to read and post a comment.

    -1 Comments - Add comment