WordType Designs
Driven To Distractions©
The Sound of One Hand Clapping©


Archive Date
[ 27-01-2001 ]
Category
[ Information Technologies ]
sub-Category
[ Microsoft ]

      [Windows Media Player Skinned Again
      System security is threatened by Java manipulation in .WMZ files.
      By Eugene Woodbury

      Almost two months ago (November 23, 2000), communications and security software developer GFI reported a flaw in the Windows Media Download (.WMD) file format. Malicious JavaScript code could be embedded in a seemingly harmless .WMD file, which would then automatically execute on the victim's computer. Microsoft promptly issued a patch to fix the flaw. Unfortunately for Media Player 7 users, Georgi Guninski has now revealed a similar problem with zipped Windows Media Skin (.WMZ) files.

      More Ways to Skin a Cat
      A "skin" is a file used to customize the "look and feel" of a program's graphical user interface. A Media Player skin consists of the skin definition (.WMS) file, and, optionally, a set of JavaScript (Microsoft JScript) instructions to provide interactivity. These files are compressed into a Windows Media zipped file. When the user opens the .WMZ file, the Windows Media Player extracts the contents of the file, including the skin and the JScript code. The JScript code is then interpreted and executed by the Internet Explorer Java Virtual Machine.

      Although this design makes for highly customizable Media Player skins, its flexibility and interactivity permit some mischief as well. A Java Archive (JAR) file can be included in the .WMZ. Because the default location of .WMZ files is known (C:\Program Files\Windows Media Player\Skins), a JAR file downloaded as part of a .WMZ file can be executed independently of the Windows Media Player. In a non-destructive script provided by Georgi Guninski, a Java applet loaded from a .WMZ file reads the contents of the user's C:\ drive, and attempts to run a "known file" in the root directory (test.txt).
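
      Because a .WMZ is a zipped package, a gateway or desktop check can open it and flag Java content before the skin reaches Media Player. The following is an added example, not code from the original article, Guninski or Microsoft; the allow-list of skin file types and the sample packages are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

# Assumed allow-list of file types a skin package should carry (local policy).
SKIN_EXTENSIONS = {".wms", ".js", ".bmp", ".gif", ".jpg", ".png"}
CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first bytes of a compiled Java class
ZIP_MAGIC = b"PK\x03\x04"          # JAR files are ZIP archives

def scan_wmz(data):
    """Return a list of (entry name, reason) findings for one .WMZ package."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<package>", "not a valid ZIP container")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = posixpath.splitext(name)[1].lower()
            with archive.open(info) as fh:
                head = fh.read(4)
            # Content is checked first: renaming a JAR does not hide its magic.
            if head == CLASS_MAGIC:
                findings.append((name, "Java class file"))
            elif head == ZIP_MAGIC:
                findings.append((name, "nested archive (possible JAR)"))
            elif ext in (".jar", ".class"):
                findings.append((name, "Java file extension"))
            elif ext not in SKIN_EXTENSIONS:
                findings.append((name, "unexpected file type in skin"))
    return findings

def build_sample(entries):
    """Build a constructed .WMZ in memory so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in entries.items():
            z.writestr(name, content)
    return buf.getvalue()

# Constructed samples, not real skins.
INNER_JAR = build_sample({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"})
CLEAN = build_sample({"skin.wms": b"<theme/>", "skin.js": b"// ui script"})
SUSPECT = build_sample({"skin.wms": b"<theme/>", "helper.jar": INNER_JAR,
                        "art.gif": CLASS_MAGIC + b"\x00\x00\x00\x2e"})
```

      Calling scan_wmz on the bytes of a downloaded package returns an empty list for a skin that carries only the expected file types.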

      The Virtual Machine
      KeyLabs testers were able to reproduce the Guninski exploit using Windows Media Player 7 release 7.00.00.1956 on Windows 2000 and Windows Me machines. Oddly enough, the exploit does not seem to work with the previous version, 7.00.00.1440. However, the patch for the .WMD vulnerability must be applied to release 7.00.00.1956, and Microsoft's .WMD patch does not fix the .WMZ vulnerability. Because the exploit depends on an applet running in the Java Virtual Machine (VM), disabling Java in Internet Explorer will prevent it from executing. In Internet Explorer, go to Tools > Internet Options > Security > Custom Level. Then under the Microsoft VM Java permissions subheading, click on Disable Java.

      Figure A: Until a patch is available, disabling Java in Internet Explorer will protect against this vulnerability.


      After Java is disabled in the Virtual Machine, the Guninski exploit will bring up a dialogue box that reads: "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly." Of course, this same message will be displayed when legitimate Java applets are run as well. A more sophisticated workaround involves adjusting the security level of the Microsoft Virtual Machine rather than disabling it. Instead of clicking on Disable Java in Tools > Internet Options > Security > Custom Level, click on Custom. This will bring up a button titled Java Custom Settings. Select the Edit Permissions tab. Under Run Unsigned Content, click on Disable. With these settings the .WMZ exploit does not work.

      Figure B: A more discriminating workaround involves the security settings for Windows' Java Virtual Machine.


      A Fix on the Way
      The latter workaround was suggested by Lindsay Shannon, a representative for the Digital Media division at Microsoft, who adds that "Microsoft is taking this seriously and thoroughly investigating all permeations and working to provide a fix for this issue as quickly as possible." Based on Microsoft's quick response to the .WMD security hole, a patch should soon be made available to users via a Microsoft security bulletin. ]