Media Player Riddled with Security Holes

A recent decision by the EU damned Microsoft's antitrust business practice of bundling Windows Media Player (WMP) with its operating systems. You might be ready to scream "damn!" or any other curse word if you're one of the unlucky victims of a recent vulnerability in WMP.

According to one British security research company, hackers can exploit Internet Explorer, even if it isn't the default web browser, by acting upon a gaping hole in Media Player. (Source: channelinsider.com)

Penetration tester Petko Petkov, who recently showed how vulnerable Apple's QuickTime can be, has now said that Windows Media Player possesses critical bugs that could give a hacker the ability to hijack the average PC. According to Petkov, these bugs can be exploited simply by targeting a hole in the "HTMLView value" XML tag that WMP uses for most of its file formats.

The "page will be opened within the Media Player surroundings, not a stand-alone browser. This is very interesting behavior," said Petkov, now an instant star in the PC security world. (Source: pcworld.com)

Although recent editions of Windows Media Player, including version 11, warn the user that their computer is being compromised, some simply don't. WMP 9, for example, won't tell a user his or her machine is now under the control of someone else.

"Attackers are in [a] very good position to abuse the technology," Petkov said.

Microsoft is reportedly investigating all of its problems with Windows Media Player, and could include a fix for these issues with its regularly scheduled update on October 9.

However, it's not the first problem Windows Media Player has faced and Microsoft may be left with a product demanding more than just a couple weeks' work. Regardless, we're sure to hear more about it in the next three weeks.