{"vuid":"VU#222044","idnumber":"222044","name":"Microsoft Windows Media Player fails to properly launch URLs based on Dynamic HTML (DHTML) behaviors","keywords":["Microsoft","Windows Media Player","launch URL","Dynamic HTML","DHTML behaviors","Q828026","MS03-040"],"overview":"Microsoft Windows Media Player (WMP) permits the embedding of URLs into media files. When launching an embedded URL, a logic error in the WMP URL handling makes it possible to move from a less trusted domain zone into the local computer zone. This vulnerability permits an attacker to execute arbitrary code in the context of the current user.","clean_desc":"Microsoft Windows Media Player (WMP) is an application that ships with Microsoft Windows systems. It is used to play various types of media files. WMP will recognize embedded URLs in media files and launch the site specified. When launching an embedded URL, a logic error in the WMP URL handling with respect to DHTML makes it possible to launch the site in the local computer zone, rather than a less trusted zone such as Internet or Restricted. This vulnerability permits an attacker to execute arbitrary code in the context of the current user. The attacker must get the victim to run the malicious media file in order to exploit this vulnerability. The media file may be embedded in a web site, email message, or downloaded and played by the user. The following supported versions of Microsoft Windows Media Player are affected according to the Microsoft Knowledgebase article (828026): Microsoft Windows Media Player 9 Series for Windows XP\nMicrosoft Windows Media Player 9 Series for Windows 2000\nMicrosoft Windows Media Player 9 Series for Windows 98 Second Edition\nMicrosoft Windows Media Player 9 Series for Windows Millennium Edition\nMicrosoft Windows Media Player 9 Series for Windows Server 2003\nMicrosoft Windows Media Player for Windows XP Home Edition\nMicrosoft Windows Media Player for Windows XP Professional\nMicrosoft Windows Media Player 7.1\nMicrosoft Windows Media Player 6.4","impact":"A remote attacker may be able to execute arbitrary code on the local system.","resolution":"Microsoft has released Knowledgebase article 828026 to address this issue. This issue is also mentioned in MS03-040 which addresses a similar vulnerability in Internet Explorer (VU#668380).","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported in a Microsoft Security Bulletin.","author":"This document was written by Jason A Rafail.","public":["http://www.microsoft.com/technet/security/bulletin/MS03-040.asp","http://www.microsoft.com/security/security_bulletins/MS03-040.asp","http://support.microsoft.com/default.aspx?scid=kb;en-us;828026"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-10-06T14:18:24Z","publicdate":"2003-06-03T00:00:00Z","datefirstpublished":"2003-10-06T15:18:48Z","dateupdated":"2003-10-06T20:42:20Z","revision":5,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"12","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"15","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"37.4625","cam_scorecurrentwidelyknown":"42.525","cam_scorecurrentwidelyknownexploited":"50.625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":37.4625,"vulnote":null}