Software Engineering Institute

Microsoft Media Player is an application that plays various types of media files. The user can customize the appearance of Microsoft's Media Player through the use of skin files. Skin files can be created and downloaded from the Internet. Microsoft's Media Player uses XML to determine the location of these files.

A directory traversal vulnerability exists in Microsoft Media Player 7.1 (for Windows 98, 98SE, ME, 2000) and 8.0 (Windows XP) when parsing of an XML file specifying the location of a skin file. The XML parser fails to recognize hex encoded characters that can permit an attacker to exit the temporary directory, and place files in a known location on the system.

Exploitation of this vulnerability may permit a remote attacker to download a malicious file to a known location on the local system or any mounted network drives that the current user has access to. These files may be programs, configuration files, or various other types of files. The attacker must trick the user into visiting the malicious website in order to exploit this vulnerability.

For more details, please see Microsoft's Advisory MS03-017.

A remote attacker may be able to download arbitrary files to the system in a known location. If the file is placed in the "Start Up" folder, or used in conjunction with other vulnerabilities (such as VU#626395, VU#25249 or VU#489721), the attacker may then be able to execute arbitrary code on the system.

Microsoft has released patches for versions 7.1 and 8.0 in MS03-017 to address this issue.

Microsoft Media Player 9 is not affected by this vulnerability.