source: http://www.securityfocus.com/bid/1976/info
Windows Media Player is an application used for digital audio, and video content viewing.
It is possible for a user running Windows Media Player 7 to enable a skin (.wms) file and unknowingly execute an embedded malicious script. When a user attempts to retrieve a skin (.wms) file it is downloaded and resides on the user's local machine. If Windows Media Player is run with the malicious skin enabled, the Active X component would allow any arbitrary action to be achieved. Depending on internet security settings this vulnerability is also exploitable if the skin file in question resides on a web site. The script could automatically launch when a user visits the web site.
Execution of arbitrary scripts could make it possible for the malicious host to gain rights equivalent to those of the current user.
http://www.exploit-db.com/sploits/20424.zip
京公网安备 11010502034610号
暂无评论