Arbitrary Code execution Vulnerability in Microsoft Windows Media Player

Reported May 07, 2003, by Microsoft.





·         Microsoft Windows Media Player (WMP) 8.0 and 7.1




A new WMP vulnerability can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the way WMP handles the download of skin files. This flaw could permit an attacker to force a file (e.g., a malicious executable) masquerading as a skin file into a certain location on a user's machine.




Microsoft has released Security Bulletin MS03-017, "Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin.



Discovered by Jouko Pynnonen of Oy Online Solutions Ltd, Finland and Jelmer.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.