Windows Media Player gets security patch

Windows Media Player gets security patch

Microsoft has issued a patch for some versions of Windows Media Player to remove what the company called a critical system vulnerability.

The flaw involved the part of Windows Media Player that lets users download new "skins" (visual interfaces) to the player, according to a security advisory on Microsoft's Web site.

Using the vulnerability, attackers could force a file masquerading as a skin file into a known location on the user's PC or place a malicious executable on the system.

To do so, the attacker would have to either entice the user to go to a Web site designed to exploit the vulnerability or embed a link to the Web site in an HTML (Hypertext Markup Language) email message. Depending on what email client software and which security updates were installed, the attacker might be able to launch the malicious executable without the user even clicking on the link, Microsoft said.

The vulnerability affects Windows Media Player 7.1 and Windows Media Player for Windows XP. Previous versions of the software are not supported and they may or may not be affected by the vulnerability. It does not affect the current Windows Media Player 9.0 Series.

The advisory is Microsoft Security Bulletin MS03-017 and can be found at

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments