Experts warn of Media Player vulnerability

By

Specially crafted Media Player .asx file could be used to gain control.

Experts warn of Media Player vulnerability
A newly discovered security vulnerability in Windows Media Player has prompted security firms to warn users to remain extra vigilant and alter the way they handle a certain type of file.

According to a Microsoft security advisory, an attacker could use a specially crafted Media Player .asx file to gain control of a user's system and remotely execute malware. 

The file could be placed in an HTML file, causing it to be automatically launched by the user's web browser.

Microsoft has confirmed the vulnerability and said that it is investigating the issue.

Secunia has given the vulnerability a rating of 'highly critical', the security firm's second highest alert level. 

Originally disclosed on 22 November, and thought to cause only a denial-of-service attack, security research firm EEye now believes that exploit code could be written for the vulnerability. 

EEye suggests that users can mitigate the threat by changing the default application to load .asx files. 

WatchGuard security analyst Corey Nachreiner, however, believes that users should not panic over the vulnerability. 

In a posting to WatchGuard's newswire feed entitled 'Unpatched Windows Media Player vulnerability announced; world fails to end,' Nachreiner downplays the immediate urgency of the flaw.

"While I do not doubt EEye's findings, there is a big difference between a flaw assumed to allow code execution and one confirmed to allow code execution, " he said.

Nachreiner pointed out that the Media Player vulnerability does not pose as serious a threat to users as the currently unpatched and active Word exploit.

The analyst still recommends users to follow EEye's steps to mitigate the effect of the vulnerability.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Log In

  |  Forgot your password?