Hole found in Windows Media Player 'skins'

Security experts are warning of a high-risk security hole affecting Microsoft Corp. (msft) Windows Media Player 7 "skins," which areused to give the desktop application a custom look and feel.

Written by ZDNET Editors, Contributor Jan. 16, 2001 at 4:00 p.m. PT

Security experts are warning of a high-risk security hole affecting Microsoft Corp. (msft) Windows Media Player 7 "skins," which are used to give the desktop application a custom look and feel.

Bug hunter Georgi Guninski of Bulgaria published an advisory of the exploit Monday, warning of a security vulnerability by which attackers could read local files and browse directories that would enable them to execute arbitrary programs.

"It is a high risk," said Elias Levy, chief technology officer for SecurityFocus.com. The vulnerability "allows you to take full control of a machine. Someone could do whatever they want to."

Guninski said that the problem is in the Windows Media Player skins, which alter the appearance of a program interface but not its functions. Michael Aldridge, lead product manager for Microsoft's Windows Digital Media division, said people can already protect themselves from the vulnerability. In the Internet Explorer, Internet options for security zones allow a consumer to disable any unsigned Java content so it cannot run on a PC. -- Gwendolyn Mariano, Special to ZDNet News

Editorial standards

Show Comments

Hole found in Windows Media Player 'skins'

Related

7 reasons I use Copilot instead of ChatGPT

Facebook's Meta AI is lying when it says you can disable it - but here's what you can do

The work laptop I recommend to most people is not made by Apple or Lenovo