Microsoft Windows Media Player ActiveX Control Unauthorized Media Library Manipulation

2003-06-25T00:00:00
ID OSVDB:10997
Type osvdb
Reporter Jelmer(jkuperus@planet.nl)
Modified 2003-06-25T00:00:00

Description

Vulnerability Description

Microsoft Windows Media Player contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious ActiveX control is executed by the victim user, which will disclose the contents of the Media Library. This may also potentially give write access to the media library. This may result in a loss of confidentiality and/or integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Microsoft Windows Media Player contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious ActiveX control is executed by the victim user, which will disclose the contents of the Media Library. This may also potentially give write access to the media library. This may result in a loss of confidentiality and/or integrity.

References:

Vendor Specific Solution URL: http://www.microsoft.com/downloads/details.aspx?FamilyId=36814221-8194-4492-BB29-94DB3D4CB682&displaylang=en Vendor Specific Solution URL: http://www.microsoft.com/downloads/details.aspx?FamilyId=82CD6192-15D8-4E28-9B14-F9B78FF01D8A&displaylang=en Security Tracker: 1007057 Secunia Advisory ID:9114 Other Advisory URL: http://www.securiteam.com/windowsntfocus/5OP0N1FAAO.html Microsoft Security Bulletin: MS03-021 Mail List Post: http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0307&L=ntbugtraq&F=P&S=&P=1494 Mail List Post: http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0306&L=ntbugtraq&F=P&S=&P=6169 ISS X-Force ID: 12440 CVE-2003-0348 CERT VU: 320516 Bugtraq ID: 8034