Business Services Industry
Security Flaw Discovered in Windows Media Player 7 Can be Blocked by Mail Essentials Email Content Checking Gateway
Business Wire, Nov 23, 2000
Business Editors
LONDON--(BUSINESS WIRE)--Nov. 3, 2000
GFI, developer of email content checking & network security software, has discovered a security flaw within Windows Media Player 7 which allows a malicious user to run arbitrary code on a victim's machine as it attempts to view a web site or an HTML email.
GFI has notified Microsoft Corp., which issued an advisory (Microsoft security Bulletin number MS00-090).
Windows Media Player 7 is included by default on Windows Millennium Editions and is available from Microsoft for free. It includes skinning capabilities that allow it to change interface. GFI has found that this can be exploited to execute code on remote machines.
"The exploit works simply by opening an email on a machine which includes Windows Media Player 7 and on which HTML scripts are allowed, or by browsing a malicious site," warned GFI security engineer, Sandro Gauci.
"This security problem is exploited by embedding a JavaScript (.js) file within a Media Player skin file (.wmz) which can also be embedded in a Windows Media Download file (.wmd). This does not require the user to run any attachments since the Media Player file is automatically executed using an iframe tag or a window.open() with in a script tag," he explained.
GFI advises to filter incoming emails for WMD and WMZ files, and automatically remove JavaScript, iframe tags, meta refresh tags and possibly ActiveX tags from incoming HTML email.
"This can be done automatically with an email content checking gateway such as Mail essentials. HTML tags and dangerous attachments will be removed automatically at server level and therefore network admins need not worry about their users receiving malicious attachments or html mails," pointed out Nick Galea, GFI CEO.
GFI (http://www.gfi.com/bwmp7mes.shtml) develops communications and security software for Windows NT/2000 and has six offices in the US, UK, Germany, France, Australia and Malta. GFI's product range includes FAXmaker, Mail essentials and LANguard. GFI's customers include Microsoft, BMW, the US IRS, NASA and many more.
Most Recent Business Articles
- Multiple criteria evaluation and optimization of transportation systems
- Multi-criteria analysis procedure for sustainable mobility evaluation in urban areas
- A two-leveled multi-objective symbiotic evolutionary algorithm for the hub and spoke location problem
- Multi-criteria analysis for evaluating the impacts of intelligent speed adaptation
- The development of Taiwan arterial traffic-adaptive signal control system and its field test: a Taiwan experience
Most Recent Business Publications
Most Popular Business Articles
- 7 tips for effective listening: productive listening does not occur naturally. It requires hard work and practice - Back To Basics - effective listening is a crucial skill for internal auditors
- FAS 109: a primer for non-accountants - Financial Accounting Standards Board's "Statement 109: Accounting for Income Taxes"
- Design a commission plan that drives sales - Sales Commissions
- Too Young to Rent a Car? - 25-years-old the minimum age for car renting - Brief Article
- Getting the global view: Nestle, led by Peter Brabeck-Letmathe, climbs to the #1 spot in this year's Best Companies for Leaders
Most Popular Business Publications
Content provided in partnership with
