Bug in Windows Media Player allows hijacking computers

Microsoft announced today that there's a critical security hole in its Windows Media Player products. The bug would allow attackers to "hijack" user's computer. Bug is available in WMP 7.1 and WMP 8.0, also known as Windows Media Player for XP.

The problem doesn't exist in WMP9 or in the older WMP versions, such as the good olde WMP 6.4 that is almost legendary among the videophiles. The malicious code can be masquerated to look like a WMP7/8 skin and when downloaded and installed, it executes itself and can do virtually anything the code's programmer wants it to do on user's computer.



Microsoft has released a patch for the problem. The bug was found by a Finnish security firm, Online Solutions, in March and it submitted its findings to Microsoft on 14th of March.

More information:

InternetNews.com
Microsoft security bulletin and patch

Written by: Petteri Pyyny @ 7 May 2003 15:44
Advertisement - News comments available below the ad
  • 14 comments

  • A_Klingon

    Good Show from the Finns!!!!! :)

    I'm glad M$ was honest enough to admit the foul-up rather than just try to hurredly release a new 'cover up' version of WMP. Perhaps the problem is more severe than we realize, and M$ had no choice.

    Only either pure desperation, or insatiable curiosity (as in the recent HMV download offer), will I advance past WMP 6.4. It's a staple, uninhibited, uncrippled viewer.

    -- Me --

    8.5.2003 01:26 #1

  • Ghostdog

    I donīt really like WMP versions 7 and up anyway. 6.4 seems to still be one of the best players around, although I guess Iīll have to try out The DivX player, since it will be utilizing hardware features on my graphics card.

    8.5.2003 06:26 #2

  • Warpoet

    Thank god i don't use Windows Media player.

    -WP-

    10.5.2003 11:36 #3

  • A_Klingon

    WMP version 6.4 is A-ok as a simple, utility audio/video player. Anything later than that spells trouble. I wouldn't install anything past Direct-X version 8.0 either. Ver 9.0 cannot be removed (uninstalled) without a very special, hard-to-find utility program.

    10.5.2003 11:52 #4

  • Ghostdog

    Well itīs not that hard to find. If you ask around on discussion forums that cover things like graphics cards, someone usually has a link.

    11.5.2003 09:22 #5

  • A_Klingon

    (Perhaps). Point is, Ghostdog, I don't believe that a person should have to rely on hurredly-developed third-part fix-ups (thank god we have them) to counteract MicroSoft's ever-intrusive and insistent way of doing things.

    Be very very leery of any microsoft software that can't be UNinstalled, once INstalled.

    11.5.2003 12:01 #6

  • Ghostdog

    I agree, there should be an option to uninstall DirectX. Iīm sure many people would appreciate an option like that.

    11.5.2003 13:49 #7

  • shawn3905

    Please forgive me if I ask this in the wrong place but I was wondering if Ghostdog knows where I could get a link to get windows media player removed from my computer. Anytime I try to use any other media player, WMP starts and crashes.

    thanks in advance

    4.2.2004 14:04 #8

  • cleft

    You should stay away from Media9 player. This one (and those that are sure to follow) contain a phone home tattle tale for those playing mp3's that are not ligitmate files. It is one of the reasons they want to make it hard to remove. Personally, I prefer QCD player and have Media player removed from my computer. I don't like wma files nor do I wish to support the Micro$uck$ platform more than necessary. They can keep DMCA supported files I will keep what I have and we will both have to live with that.

    There is not much that Micro$uck$ puts out that is not eyed with a fine tooth comb by hackers for any advantage they can find to gain access to your computer.

    Experience is usually gained after you need it.

    4.2.2004 17:37 #9

  • Ghostdog

    Shawn: I was forced to install WMP9 a while ago to view a presentation, but I didnīt have any major problems when un-installing it.

    Are you using XP?

    5.2.2004 04:03 #10

  • shawn3905

    Yes, I have XP home edition

    5.2.2004 05:39 #11

  • Ghostdog

    I remember hearing awhile ago that WMP is a part of Windows XP itself. Maybe you canīt un-install it at all? Iīm a Windows 2000 user myself, so I canīt really check, but if you ask around someone should be able to tell you if you can un-install it. Try looking for the uninstaller in WMPīs folder.

    Could you clarify a bit what you mean when you say "anytime I try to use any other media player, WMP starts and crashes"?

    5.2.2004 08:19 #12

  • shawn3905

    Ya, if I try to use any media player besides WMP (ie. Nero, video lan, roxio) then WMP starts at the same time causing my computer to shut down and reboot, forcing me to use WMP exclusivly.
    Any ideas are much apprieciated as I would like to use a program other than WMP. (BTW it is version 9)
    thanx for your help thus far.

    6.2.2004 05:03 #13

  • Ghostdog

    You could try to change to file associations, if you havenīt gone down that road yet.

    Access any folder, open "Folder options" from the Tools-menu, go to "File types" and look for specific media files that are set to be played back by WMP and click "Change". Then just select a program from the list that pops up.
    This is the way it works on Windows 2000. XP should act similarly. Let me know if it works.

    6.2.2004 07:09 #14

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud