Help and Support
 

powered byLive Search

MS02-032: Patch Available for Windows Media Player Cache Disclosure Vulnerability

View products that this article applies to.
Article ID:321678
Last Review:February 1, 2007
Revision:3.7
This article was previously published under Q321678
On This Page

SYMPTOMS

Windows Media Player has an information-disclosure vulnerability that an attacker can use to run code on a user's computer. The code would then be able to take any actions on the computer that the user could accomplish. For example, adding, changing or deleting data, communicating with Web sites, or changing the configuration of the computer.

The attacker's code would run with the same rights as the user. Any restrictions on the user's ability to change the computer would apply to the attacker's code. For example, if the user were prevented from deleting files on the hard disk, the attacker's code would similarly be prevented. Conversely, if a user were using an account with high rights such as an administrator's account, the attacker's code would also run with the same high rights.

Back to the top

CAUSE

The vulnerability results because of a flaw in how Windows Media Player handles certain types of licenses for secure media files when the media file is stored in the Microsoft Internet Explorer cache. Specifically, when a type of secure Windows Media file is opened, the Windows Media Player incorrectly returns information to the server that discloses the location of the Internet Explorer cache as it processes the request to the site for the licensing information.

Back to the top

RESOLUTION

Windows Media Player for Windows XP

The update for this problem is included in the Windows Media Player rollup package that is referenced in the following article in the Microsoft Knowledge Base:
320920 (http://support.microsoft.com/kb/320920/EN-US/) MS02-032: Windows Media Player Rollup Available

Back to the top

Windows Media Player 7.1

The update for this problem is included in the Windows Media Player rollup package that is referenced in the following article in the Microsoft Knowledge Base:
320920 (http://support.microsoft.com/kb/320920/EN-US/) MS02-032: Windows Media Player Rollup Available

Back to the top

Windows Media Player 6.4

The update for this problem is included in the Windows Media Player rollup package that is referenced in the following article in the Microsoft Knowledge Base:
320920 (http://support.microsoft.com/kb/320920/EN-US/) MS02-032: Windows Media Player Rollup Available

Back to the top

STATUS

Microsoft has confirmed that this problem may result in some degree of security vulnerability in the versions of Windows Media Player that are listed earlier in this article. Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Back to the top

APPLIES TO
Microsoft Windows Media Player 6.4
Microsoft Windows Media Player 7.0
Microsoft Windows Media Player 7.1
Microsoft Windows Media Player 8.01

Back to the top

Keywords: 
kbtshoot kbbug kbfix kbsecvulnerability kbenv kbsecurity kbsecbulletin kbsechack kbwinxpsp1fix KB321678

Back to the top

Article Translations

 

Related Support Centers

Other Support Options

  • Need More Help?
    Contact a Support professional by Email, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.