Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.11595
Kategorie:Windows
Titel:Windows Media Player Skin Download Overflow
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is using a version of Windows Media player which is
vulnerable to a directory traversal through its handling of 'skins'.

An attacker may exploit this flaw to execute arbitrary code on this
host with the privileges of the user running Windows Media Player.

To exploit this flaw, one attacker would need to craft a specially
malformed skin and send it to a user of this host, either directly
by e-mail or by sending a URL pointing to it.

Affected Software:

- Microsoft Windows Media Player 7.1
- Microsoft Windows Media Player for Windows XP (Version 8.0)


Solution :
- see http://www.microsoft.com/technet/security/bulletin/ms03-017.mspx
- If you run Windows XP, install Service Pack 2

Risk factor : High

Querverweis: BugTraq ID: 7517
Common Vulnerability Exposure (CVE) ID: CVE-2003-0228
http://www.securityfocus.com/bid/7517
Bugtraq: 20030507 Windows Media Player directory traversal vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=105232913516488&w=2
Bugtraq: 20030508 why i love xs4all + mediaplayer thingie (Google Search)
http://marc.info/?l=bugtraq&m=105240528419389&w=2
CERT/CC vulnerability note: VU#384932
http://www.kb.cert.org/vuls/id/384932
Microsoft Security Bulletin: MS03-017
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-017
http://marc.info/?l=ntbugtraq&m=105233960728901&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A321
XForce ISS Database: mediaplayer-skin-code-execution(11953)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11953
CopyrightThis script is Copyright (C) 2003 Renaud Deraison

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.