Security researcher finds flaw in Windows Media Player
Petko Petkov outlines Windows hack using malicious media files
Computerworld - Hackers can wield malicious Windows Media Player files to exploit any unpatched Internet Explorer (IE) vulnerability on a PC -- even if the user relies on Firefox, Opera or some other Web browser, a U.K. security researcher said yesterday.
Microsoft Corp. is investigating, a spokesman said today.
Petko Petkov, a penetration tester who released proof-of-concept code last week for a flaw in Apple Inc.'s QuickTime, said Tuesday that Microsoft's media software also harbors critical bugs that could be used to hijack PCs. On his blog, Petkov posted several exploits targeting a vulnerability in the "HTMLView value" XML tag that's used in several support Windows Media Player file formats, including .asx.
"HTMLView will display a page of our choice within the stand-alone Windows Media Player," Petkov said. "I repeat, the page will be opened within the Media Player surroundings, not a stand-alone browser. This is very interesting behavior."
On a fully-patched PC running Windows XP SP2 with either IE6 or IE7, Petkov was able to force Media Player to open a malicious URL. "Let me translate this for you," he said. "It means that even if you are running Firefox and you think that you are secure, by simply opening a media file, you expose yourself to all IE vulnerabilities."
Petkov embedded malicious script code into the pages he created, then injected into Media Player in the multiple exploit samples he posted on his blog yesterday. In his proofs of concept, the script simply launches a pop-up window that tells the user his machine has been compromised.
Version 11 of Media Player throws up a confirmation dialog box that may make some users think twice about allowing a malicious file to access the program, as does Media Player 10. Earlier editions, however, including Version 9, blithely allow the exploit without warning the user.
"Attackers are in [a] very good position to abuse the technology," said Petkov.
Late last night, Symantec Corp. warned customers of its DeepSight threat network about Petkov's findings, including the Windows Media Player problem. "[These] provide an indirect vector to execute malicious script code, which in some cases may be more difficult to filter," Symantec said in a security bulletin.
Petkov's domain, including his blog and the posted exploits, was offline Wednesday morning, but a cached version of the entry's text was available from Google.
Microsoft is looking into Petkov's claims, but a spokesman downplayed the threat. "We're currently unaware of any attacks trying to use the claimed vulnerability, or of customer impact," he said today via e-mail. "We will take steps to determine how customers can protect themselves should we confirm the vulnerability."
The next scheduled security update from Microsoft is slated for Oct. 9.
Windows Media Player has been pinned with one other critical vulnerability so far this year (Microsoft patched it in August) and three during 2006. The new Media Player 11, which is bundled with Windows Vista, debuted October 2006 and has been patched only once.
Read more about Security in Computerworld's Security Topic Center.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!