According to Australian security firm, IT Secure, three new vulnerabilities have been discovered in Microsoft Windows Media Player, the most critical of which could allow an attacker to run code of his or her choice on the victim computer.
The vulnerability concerns Microsoft Windows Media Player 6.4, Microsoft Windows Media Player 7.1 and Microsoft Windows Media Player for Windows XP.
The most critical vulnerability is an information disclosure vulnerability that could provide the means to enable an attacker to run code on the victim computer.
The second vulnerability which is rated at moderate, is a privilege elevation vulnerability that could enable an attacker who can physically logon locally to a Windows 2000 machine and run a program, to obtain the same rights as the operating system.
The third vulnerability which is rated as low, is a script execution vulnerability. This vulnerability could run a script of an attacker's choice as if the user had chosen to run it after playing a specially formed media file and then viewing a specially constructed web page.
The only cure for this weakness is to download and install the latest security patch offered by Microsoft.