Embedded Windows Media Player 7 "OCX Attachment" Vulnerability
September 26, 2000
Microsoft Windows Media Player 7
The USSR Team has found a problem in the Windows Media Player
7 ActiveX control, which could be used in a denial of service
attack against RTF-enabled e-mail clients such as Outlook 2000
and Outlook Express.
If the affected
control were programmatically embedded into an RTF mail and then
sent to another user, the user's mail client would fail when he
closed/moved the mail.
We take no responsibility for this code. It is for educational
WMP Embedded RTF/Email Spawner.
Windows Console Version Source:
Microsoft Security Bulletin MS00-068: Frequently Asked Questions,
Underground Security Systems Research:
USSR is an
emerging security company based in South America devoted to research
about computers, network security, and software protection systems.
One of the main objectives of USSR is to develop and implement
new security and protection systems based on our knowledge and
believe that the way we implement security solutions, can make
a difference, CrunchSP is a good example. In our day-to-day research
we detect vulnerability issues in different applications that
we publish on our advisory board.
Most of USSR
programmers and partners have more than 12 years of experience
in different computer based applications, with great knowledge
in high and low level programming languages.
information on USSR, feel free to contact us by email.
assembled some of the world's greatest software developers and
security consultants to help us provide our customers this great
range of security services:
* Security Application development
* Application Security Testing and Certification
* Security Based on Security Tools
* Emergency Response Team
* Virtual Private Networking
* Intrusion Detection
* Support and maintenance
(c) 1999-2000 Underground Security Systems Research. Permission
is hereby granted for the redistribution of this alert electronically.
It is not to be edited in any way without explicit consent of
USSR. If you wish to reprint whole or any part of this alert in
any other medium excluding electronic medium, please e-mail firstname.lastname@example.org
The information within this paper may change without notice. We
may not be held responsible for the use and/or potential effects
of these programs or advisories. Use them and read them at your
own risk or not at all. You solely are responsible for this judgment.
Please send suggestions, updates, and comments to:
Underground Security Systems Research