| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Oct 2009 08:12:28 -0600 From: renard-volant@...mail.com To: bugtraq@...urityfocus.com Subject: Windows Media Player Plugin: Local File Detection Vulnerability *** Windows Media Player Plugin: Local File Detection Vulnerability *** A design flaw in Windows Media Player 11 allows a remote attacker to determine the presence of local files (programs, documents, etc.). I sent an e-mail to Microsoft (nearly a year ago) but they never responded… Windows Media Player permits to open locally stored media-files. Opening non-supported files usually provokes an error message. By a simple HTTP-redirect, the error message can be circumvented. Local files can be opened. The file-opening-procedure can be controlled with the “Player.OpenStateChange Event”. If a file exists, event 8 (”MediaChanging”) is fired. This way, via JavaScript, a malicious web site could determine the presence of local (and remote) files. Additional infos (in German): www.lrv.ch.vu I’ve also set up a demo page at: http://lrv.bplaced.net/wmp/wmp.php
Powered by blists - more mailing lists