Windows Media Player IE Cache Path...
Microsoft Windows Media Player is distributed with multiple versions of the Microsoft Windows Operating System. A vulnerability has been reported that affects systems using Windows Media Player 6.4, 7.1, or Media Player for Windows XP. An information disclosure vulnerability that may also allow an attacker the opportunity to execute arbitrary code on the targetted system has been reported. This vulnerability occurs due to the handling of license files for secure media files that are stored in the IE cache. The flaw affects only secure media files which use WM DRM 1.0. The risk for code execution is due to Windows Media Player disclosing the location of the IE cache, which uses a obfuscated name. An attacker that is able to learn the location of the cache can use scripting to execute a file located in the cache and it will be treated as part of the Local Computer Zone. ** There have been reports that the updated patch for this issue does not install properly on Windows 2000 systems....
