ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Hole found in Windows Media Player "skins"

Gwendolyn Mariano, CNET New.com CNet

Published: 17 Jan 2001 10:51 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Security experts are warning of a high-risk security hole affecting Microsoft Windows Media Player 7 "skins", which are used to give the desktop application a custom look and feel.

Bug hunter Georgi Guninski of Bulgaria published an advisory of the exploit Monday, warning of a security vulnerability by which attackers could read local files and browse directories that would enable them to execute arbitrary programs. "It is a high risk," said Elias Levy, chief technology officer for SecurityFocus.com. "[The vulnerability] allows you to take full control of a machine. Someone could do whatever they want to."

Guninski said that the problem is in the Windows Media Player skins, which alter the appearance of a program interface but not its functions.

"The key here is [Guninski's] downloaded Java applets into a known location, which is the directory that holds the skin for Microsoft Media Player," Levy said. "Obviously Windows Media Player and Internet Explorer are widely deployed applications... so we should be encouraging people to upgrade once Microsoft releases a patch for it."

Michael Aldridge, lead product manager for Microsoft's Windows Digital Media division, said people can already protect themselves from the vulnerability. In the Internet Explorer, Internet options for security zones allow a consumer to disable any unsigned Java content so it cannot run on a PC.

Aldridge said Guninski notified Microsoft of the vulnerability Friday. "Like any security issue, we take anything like this very seriously," Aldridge said. "Once we've thoroughly investigated it and figured out various permeations, we obviously want to post a patch as soon as possible."

Levy said skins have become popular among computer users and companies because they apply a custom look, such as branding, to applications.

Take me to ZDNet Enterprise

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read what others have said.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Kyocera

Did you find this article useful?
60 out of 110 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:







Related Jobs

.Net, SQL Server Developer/ Consultant, Glasgow City Centre

My client is a Microsoft Gold Partner, who pride themselves in being experts in building solutions around the .NET platform: This is highlighted in ...

BI Solution Design Manager, West Mids, 28 - 43K +great package

You will be required to have the following skills: Excellent data modelling skills Extremely proficient in providing business requirement ...

C++ Developer who is a good team player - Warwick

C++ and Linux is what this company nees and a good team player! A small company based in Warwick are searching for a Software Developer with skill ...

Featured Talkback

What was achieved there is recognised to be of fundamental importance to both winning the war (Churchill visited to say 'thank you' to them) and the development of the computer. Maybe Bill Gates doesn't want to support this museum because it underlines where electronic computing started i.e. here, not the U.S.

By: 1000103773

Read full story:
Bletchley Park faces bleak future

Sentry Posts Blog

Biometric devices. Do you need one?

When saying “biometrics” I am not thinking about law enforcement, AFIS systems, national ID and visa projects. I first think about personal solutions that will make my life easier.... More

1 comment

Barracuda launches counter-suit agains...

Court cases are never pleasant or simple. The ongoing battle between security companies Trend Micro and Barracuda Networks took a new twist on Wednesday, when Barracuda launched a counter-suit... More

Post a comment

Mobile Speed Demon: Wireless Surpasses...

Mobile Speed Demon: Wireless Surpasses Landline Author: Eric Everson, Founder MyMobiSafe.com As I look around my house and throughout my network of friends, I instantly realize... More

Post a comment

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers