Microsoft found a flaw in Windows Media Player when downloading skins.
This question was answered on May 14, 2003. Much of the information contained herein may have changed since posting.
A flaw exists in the way Windows Media Player downloads skin files The flaw could allow an attacker to force a file masquerading as a skin file into a known location on a user's machine This could then lead to malicious executable code on the victims system
Microsoft encourages all customers to review the Security Bulletins to keep optimal security The risk is considered ‘critical’ which is the highest security breach they have
An attacker could then host this malicious web page on a web site, or could send a link to the user via e-mail The vulnerability themselves provide no way to force a user to a web site
The affected versions are: Windows Media Player 7.1 & XP (version 8.0)
Download locations for this patch:
The patches for all Windows systems are available via:
The complete technical details are posted at the Microsoft web site:
About the author
Posted by Michal of Data Doctors on May 14, 2003