[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Windows Media Player Plugin: Local File Detection Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Windows Media Player Plugin: Local File Detection Vulnerability
From: renard-volant@xxxxxxxxxxx
Date: Fri, 30 Oct 2009 08:12:28 -0600

*** Windows Media Player Plugin: Local File Detection Vulnerability ***

A design flaw in Windows Media Player 11 allows a remote attacker to determine 
the presence of local files (programs, documents, etc.). I sent an e-mail to 
Microsoft (nearly a year ago) but they never responded?

Windows Media Player permits to open locally stored media-files. Opening 
non-supported files usually provokes an error message. By a simple 
HTTP-redirect, the error message can be circumvented. Local files can be 
opened. The file-opening-procedure can be controlled with the 
?Player.OpenStateChange Event?. If a file exists, event 8 (?MediaChanging?) is 
fired. This way, via JavaScript, a malicious web site could determine the 
presence of local (and remote) files.

Additional infos (in German): www.lrv.ch.vu

I?ve also set up a demo page at: http://lrv.bplaced.net/wmp/wmp.php

Prev by Date: PSAtr v1.2 Sql Injection
Next by Date: CVE-2009-1979 (Oracle RDBMS)
Previous by thread: PSAtr v1.2 Sql Injection
Next by thread: CVE-2009-1979 (Oracle RDBMS)
Index(es):
- Date
- Thread