Hackers can wield malicious Windows Media Player files to exploit any unpatched Internet Explorer (IE) vulnerability on a PC -- even if the user relies on Firefox, Opera or some other Web browser, a UK security researcher said yesterday.
Microsoft is investigating, a spokesman said Wednesday.
Petko Petkov, a penetration tester who released proof-of-concept code last week for a flaw in Apple's QuickTime, said Tuesday that Microsoft's media software also harbors critical bugs that could be used to hijack PCs. On his blog, Petkov posted several exploits targeting a vulnerability in the "HTMLView value" XML tag that's used in several support Windows Media Player file formats, including .asx.
"HTMLView will display a page of our choice within the stand-alone Windows Media Player," Petkov said. "I repeat, the page will be opened within the Media Player surroundings, not a stand-alone browser. This is very interesting behavior."
No comments:
Post a Comment