| Name | MS.Windows.Media.Player.ActiveX.Insecure.Method.Access |
| Alias/es | MS.Windows.Media.Player.ActiveX.Insecure.Method.Acess Windows.Media.Player.ActiveX.setItemInfo |
| Release Date | Sep 11, 2006 |
| Severity | Low |
| Impact | System compromise: script execution. |
| Description | This indicates a possible attempt to exploit a script injection vulnerability in the Windows Media Player ActiveX control (setiteminfo).
A vulnerability in the ActiveX control for Windows Media Player version 9 allows script injection. An attacker can manipulate the media library to inject a script into the metadata of media files, such as the "album" or "artist" name. When a user opens a media file from Internet Explorer the malicious script is executed in local computer zone. |
| Affected Products | Windows Media player version 9. |
| Recommended Actions | Upgrade Windows media player to version 10 or later. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-1324
|
| Reference/s | http://www.securityfocus.com/bid/12031 (BugTraq)
http://www.4rman.com/security.htm
|