Fri, 22 Mar 2002 11:25:35 +1100
On the topic of Microsoft and their job ahead in securing its systems, here is
a typical security bulletin, one of many I read weekly on BUQTRAQ. I've snipped
it for brevity.
In plain English: the Media Player can be used to crippled security mechanisms
in the Mail Reader to send virii and worms on the Internet (!) ... who would
When one contemplates the number of possible interactions between all of the
tightly-coupled non-system components in a W2K (or other Win) systems, replete
with patches and different software versions of .DLLs and system components,
the mind simply boggles.
-------- Original Message --------
Date: Thu, 21 Mar 2002 14:47:56 -0500
From: "Richard M. Smith" <firstname.lastname@example.org>
Windows Media Player (WMP) reintroduces the ability to automatically
facilitate the creation of worms and other malicious code which is
carried by HTML email messages. Using a number of simple tricks, WMP
can be used to bypass the Outlook security settings and still
Here is an outline of the steps needed to exploit this problem:
1. An IFRAME tag is inserted into an HTML email message that
references a Windows Media Skin (.WMS) file. The .WMS
can be loaded either from a Web site or from an attached
file to the email message using the CID: protocol. (Note:
I have only tested downloading a .WMS file from a Web site.)
2. Because .WMS files are considered safe by Windows, WMP will
automatically be started by Outlook and it will be passed
the .WMS file.
in an onload handler which runs a Web page using the
player.LauchURL() method. This onload handler is
automatically executed when WMP opens the .WMS file.
4. The Web page from step 3 can be loaded from a Web site, or
the source code of the Web page can be embedded in the .WMS file
The only work-around that I am aware of is to manually mark each Windows
Media file type as not safe-for-opening. This process is going to be
prone to errors since there are about 10 file types that need to fixed.
Richard M. Smith