Home page logo
/

bugtraq logo Bugtraq mailing list archives

Windows Media Player Plugin: Local File Detection Vulnerability
From: renard-volant () hotmail com
Date: Fri, 30 Oct 2009 08:12:28 -0600

*** Windows Media Player Plugin: Local File Detection Vulnerability ***

A design flaw in Windows Media Player 11 allows a remote attacker to determine the presence of local files (programs, 
documents, etc.). I sent an e-mail to Microsoft (nearly a year ago) but they never responded…

Windows Media Player permits to open locally stored media-files. Opening non-supported files usually provokes an error 
message. By a simple HTTP-redirect, the error message can be circumvented. Local files can be opened. The 
file-opening-procedure can be controlled with the “Player.OpenStateChange Event”. If a file exists, event 8 
(”MediaChanging”) is fired. This way, via JavaScript, a malicious web site could determine the presence of local (and 
remote) files.

Additional infos (in German): www.lrv.ch.vu

I’ve also set up a demo page at: http://lrv.bplaced.net/wmp/wmp.php


  By Date           By Thread  

Current thread:
  • Windows Media Player Plugin: Local File Detection Vulnerability renard-volant (Oct 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]