MS KB892313: DRM Update in Windows Media Player May Facilitate Spyware Infections

This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.


Synopsis :

It is possible to install spyware on the remote host.

Description :

The remote host is running a version of Windows Media Player 9 or
Windows Media Player 10 that is missing a security update. It is,
therefore, affected by a vulnerability that allows an attacker to
infect the remote host with spyware. An attacker can exploit this flaw
by crafting malformed WMP files which will cause Windows Media Player
to redirect the user to a malicious website when attempting to acquire
a license to read the file.

See also :

http://www.benedelman.org/news/010205-1.html
https://support.microsoft.com/en-us/kb/892313

Solution :

Apply the appropriate update referenced in the Microsoft advisory.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.3
(CVSS2#E:H/RL:U/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 18085 ()

Bugtraq ID: 13607

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now