Malformed Embedded Windows Media Player 7 "OCX Attachment" Vulnerability ------------------------------------------------------------------------ SUMMARY The USSR Team has found a problem in the Windows Media Player 7 ActiveX control, which could be used in a denial of service attack against RTF-enabled e-mail clients such as Outlook 2000 and Outlook Express. DETAILS Vulnerable systems: Outlook 2000 with Microsoft Windows Media Player 7 If the affected control were programmatically embedded into an RTF mail and then sent to another user, the user's mail client would fail when he closed/moved the mail. Exploit: Malformed WMP Embedded RTF/Email Spawner. Windows Console Version: <http://www.ussrback.com/wmp/wmpoutlook.exe> http://www.ussrback.com/wmp/wmpoutlook.exe Windows Console Version Source: <http://www.ussrback.com/wmp/wmpoutlook.zip> http://www.ussrback.com/wmp/wmpoutlook.zip Fix: Microsoft has released a patch for this problem. See: <http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24421> http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24421 -- Eko Sulistiono MIKRODATA & AntiVirus Media Web: http://www.mikrodata.co.id/ WAP: http://www.mikrodata.co.id/wap/index.wml This message contains no viruses. Guaranteed by AVP. ------------------------------------------------------------------------ Forum Komunikasi Penulis-Pembaca MIKRODATA (FKPPM) Informasi : http:[EMAIL PROTECTED] Arsip : http://www.mail-archive.com/forum%40mikrodata.co.id/ WAP : http://mikrodata.co.id/wap/index.wml Milis ini menjadi kontribusi beberapa rubrik yang diasuh tim MIKRODATA. Termasuk rubrik-rubrik yang ada di media lain. Memakai, Menyebarluaskan, dan Memperbanyak software bajakan adalah tindakan kriminal. Please check with the latest AVP update before you ask about virus: ftp://mikrodata.co.id/avirus_&_security/AntiViral_Toolkit_Pro/avp30.zip
