December 10, 2006

Security Hole Found in Windows Media Player

Users are being advised to disable a certain type of file in Microsoft's Windows Media Player software following the discovery of a new security hole in the software.

Windows Media Player versions 9 and 10 are affected by the flaw, which could allow a malicious hacker to run unauthorized software on a victim's PC or cause a denial of service attack, according to security company FrSIRT, which rated the problem critical in an advisory Thursday.

The flaw is due to a buffer overflow error that can occur when Windows Media Player is used to run ".asx" media files, according to a warning from eEye Digital Security.

Such files open automatically in a Web browser, meaning a hacker would need only to post an infected .asx file in a Web page and then try to lure users to visit the page, eEye Digital said. An infected file could also be sent via email, in which case users would need to be persuaded to open it.

MORE...

No comments: