lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <Law9-F35LVbNDN4CxpA00006fb1@hotmail.com>
From: lise_moorveld at hotmail.com (Lise Moorveld)
Subject: Windows Mediaplayer separate vulnerability?

Hello,

In Microsoft Security Bulletin MS03-040 [1] regarding a cumulative patch for 
Internet Explorer, users are recommended to install a patch for Windows 
Mediaplayer (KB article 828026 [2]). However, they state that this is not a 
security issue.

CERT, on the other hand, states the following about the Mediaplayer issue in 
VU#222044 [3]:
"A remote attacker may be able to execute arbitrary code on the local 
system."
Which sounds pretty serious.

Secunia appears to agree [4]. However, it is unclear on what information 
both CERT and Secunia base this conclusion.

Finally, SecurityFocus links this issue to an issue [5] reported by 
http-equiv back in july in BID8263 [6]. Although SecurityFocus does admit 
there is very little info at the moment on which to base this.

Does anybody know what's up? Is this a new issue that is being downplayed by 
Microsoft? Is it an old issue? Or is it really not a security issue and can 
it only be exploited in conjunction with other vulnerabilities, as MS 
states.

Any ideas?

regards,

Lise


references:
[1] http://www.microsoft.com/technet/security/bulletin/MS03-040.asp
[2] http://support.microsoft.com/default.aspx?scid=kb;en-us;828026
[3] http://www.kb.cert.org/vuls/id/222044
[4] http://www.secunia.com/advisories/9957/
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0604
[6] http://www.securityfocus.com/bid/8263

_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ