Signature Detail

Short Name	HTTP:STC:IE:WMP-SKIN-EXEC
Severity	High
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Microsoft Windows Media Player Skin File Code Execution
Release Date	2005/01/28
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft Windows Media Player Skin File Code Execution

This signature detects an HTTP server response that contains a malformed "Content-Disposition:" field. This response can cause a vulnerable Microsoft Internet Explorer client to download and execute an arbitrary file.

Extended Description

Windows Media Player is vulnerable to code execution through skin files. WMP does not properly validate URLs that are passed to initiate a skin file download and installation. This could allow a malicious file advertised as a skin file to be downloaded to a known location and executed through some other means.

Affected Products

Microsoft Windows Media Player 7.1
Microsoft Windows Media Player XP

References

BugTraq: 7517
CVE: CVE-2003-0228
URL: http://www.microsoft.com/technet/security/Bulletin/MS03-017.mspx
URL: http://www.securityfocus.com/archive/1/320811

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Microsoft Windows Media Player Skin File Code Execution

Extended Description

Affected Products

References