Microsoft issues two critical security alerts
Two ‘critical’ vulnerabilities appear in the latest security bulletin from Microsoft. One is yet another problem arising in the Windows Metafiles while the other occurs in Windows Media Player. The company has also flagged a number of ‘important’ security issues.
It seems that Microsoft’s problems with Windows Metafiles (wmf) are not over yet. The company says that it has discovered that a code execution vulnerability exists in Internet Explorer Graphics Rendering Engine. Microsoft says that an attacker could exploit the vulnerability by constructing a specially crafted wmf image because of the way Internet Explorer handles the files.
Microsoft is warning users not to be complacent as the vulnerability in Internet Explorer is different from the .wmf issues discovered last month.
As with earlier .wmf vulnerabilities, a user has to visit a malicious Web site or open or preview an e-mail message, or open a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of the targeted computer. The latest issue only arises with those using Microsoft Windows 2000 Service Pack 4.
There is a similar problem with some versions of Windows Media Player due to an unchecked buffer in the bitmap (.bmp) image parsing function. Because of the way that Media Player processes bitmap files, Microsoft says it is possible for an attacker could exploit the vulnerability via a malicious constructed bitmap file (.bmp).
It could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious email message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, Windows Media Player is not the default handler for .bmp files. Therefore, in order for the exploit to take place, the user has to save the .bmp file to the desktop and open it using Windows Media Player.
The Windows Media Player flaw potentially threatens a wider number of users and includes anyone with Media Player for XP, Windows Media Player 9 for XP Service Pack 2 and for Windows Server 2003.
Under the category of ‘important’ issues are a remote code execution vulnerability that allows remote code execution in the Windows Media Player plug-in for non-Microsoft Internet browsers, a potential Denial of Service issue with TCP/IP and a vulnerability in the Windows Web Client Service.
More details at the Microsoft Technet.