Windows Media Player can hack your browser
The British security researcher who found a way to use QuickTime and Firefox to break into PCs has now figured out how to hack Firefox users via Windows Media Player.
Hackers can use Windows Media Player files to exploit any unpatched Internet Explorer vulnerability - even if the user relies on Firefox, Opera or some other browser, according to Petko Petkov.
Microsoft is investigating, according to a spokesman.
Petkov, a penetration tester who released proof-of-concept code last week for a flaw in Apple's QuickTime, now claims that Microsoft's player also harbours critical bugs that could be used to hijack PCs. On his blog, Petkov posted several exploits targeting a vulnerability in the "HTMLView value" XML tag that's used in several supported Windows Media Player file formats, including .asx.
"HTMLView will display a page of our choice within the stand-alone Windows Media Player," Petkov said. "I repeat, the page will be opened within the Media Player surroundings, not a stand-alone browser. This is very interesting behaviour."
On a fully-patched PC running Windows XP SP2 with either IE6 or IE7, Petkov was able to force Media Player to open a malicious URL. "Let me translate this for you," he said. "It means that even if you are running Firefox and you think that you are secure, by simply opening a media file, you expose yourself to all IE vulnerabilities."
Petkov embedded malicious script code into the pages he created, then injected those pages into Media Player in the multiple exploit samples he posted on his blog yesterday. In his proofs of concept, the script simply launches a pop-up window that tells the user his machine has been compromised.
Version 11 of Media Player throws up a confirmation dialogue box that may make some users think twice about allowing a malicious file to access the program, as does Media Player 10. Earlier editions, however, including Version 9, blithely allow the exploit without warning the user.
"Attackers are in [a] very good position to abuse the technology," said Petkov.
Late last night, Symantec warned customers of its DeepSight service about Petkov's findings, including the Windows Media Player problem. "[These] provide an indirect vector to execute malicious script code, which in some cases may be more difficult to filter," Symantec said in a security bulletin.
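Symantec's point about filtering can be illustrated with an added example, which is not from the article or from Petkov's blog: a Python check that a mail or web gateway could run over media metafiles to flag the HTMLView directive whatever the file's extension, letter case or quoting. It assumes the directive appears as a PARAM element with NAME="HTMLView" and a VALUE URL; the function names and sample files are constructed for illustration.

```python
import re

# Tolerant patterns: player metafiles are often not well-formed XML, so a
# strict XML parser would reject (and a naive filter would miss) many of them.
PARAM_RE = re.compile(r"<\s*param\b([^>]*)>", re.IGNORECASE)
ATTR_RE = re.compile(
    r"""([A-Za-z_:][\w:.-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))"""
)


def decode(data):
    """Decode metafile bytes; UTF-16 content would hide tags from a byte search."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    if b"\x00" in data[:16]:  # UTF-16 without a BOM (assumed little-endian)
        return data.decode("utf-16-le", errors="replace")
    return data.decode("utf-8-sig", errors="replace")


def find_htmlview(data):
    """Return the VALUE of every PARAM element whose NAME is HTMLView."""
    hits = []
    for param in PARAM_RE.finditer(decode(data)):
        attrs = {}
        for a in ATTR_RE.finditer(param.group(1)):
            value = next(v for v in a.groups()[1:] if v is not None)
            attrs[a.group(1).lower()] = value
        if attrs.get("name", "").strip().lower() == "htmlview":
            hits.append(attrs.get("value", ""))
    return hits


# Constructed sample metafiles (not taken from the published exploit samples).
SAMPLE_FLAGGED = (
    b'<ASX version="3.0">\r\n'
    b"<param name = 'HTMLView' value=\"http://example.invalid/page.html\" />\r\n"
    b'<ENTRY><REF HREF="http://example.invalid/clip.wmv"/></ENTRY>\r\n</ASX>'
)
SAMPLE_CLEAN = (
    b'<ASX VERSION="3.0"><ENTRY><PARAM NAME="Author" VALUE="HTMLView demo"/>'
    b'<REF HREF="http://example.invalid/clip.wmv"/></ENTRY></ASX>'
)

if __name__ == "__main__":
    for label, blob in (("flagged", SAMPLE_FLAGGED), ("clean", SAMPLE_CLEAN)):
        urls = find_htmlview(blob)
        print(label, "QUARANTINE" if urls else "pass", urls)
```

A gateway would apply this to the file content of any attachment or download, since the extension alone does not say whether the player will treat a file as a metafile.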
Reproduced from an article published by Techworld
© Techworld
The original article can be viewed here:
http://www.techworld.com/security/news/index.cfm?NewsID=10126





