On February 14, Eeye Digital Security announced a serious security vulnerability in Windows Media Player that could allow attackers to take control of users’ computers.
This vulnerability exists in the memory caching mechanism of Windows Media Player, making it susceptible to BMP image files that contain malicious code that can directly attack the computer. It affects nearly all versions of Windows Media Player from 7.1 to 10 and impacts all currently active Windows operating systems, such as Windows XP, Windows 2003, Windows NT, and Windows 2000 SP4.
Eeye stated that only the versions of Windows sold in the European market without Windows Media Player are safe from this security flaw.
Microsoft has informed that a patch for a similar security vulnerability was released previously, but Eeye’s experts noted that the security patch numbered KB913446 for Windows XP does not completely address this security issue.
THIEN TRANG
