VULHUB ™

A flaw exists in the implementation of Windows Media Player which could disclose sensitive information to attackers. WMP creates internet shortcuts in the temporary internet files folder on the user's local system. These files are also created with 'fixed', known filenames. The WMP created shortcuts are opened in Local Computer Zone rather than the Internet Zone. HTML opened in this Security Zone has the ability to read arbitrary files on the filesystem, as well as send data to webservers.

A flaw exists in the implementation of Windows Media Player which could disclose sensitive information to attackers. WMP creates internet shortcuts in the temporary internet files folder on the user's local system. These files are also created with 'fixed', known filenames. The WMP created shortcuts are opened in Local Computer Zone rather than the Internet Zone. HTML opened in this Security Zone has the ability to read arbitrary files on the filesystem, as well as send data to webservers.