Article ID: 819639
Article Last Modified on 11/7/2007
APPLIES TO
- Microsoft Windows Media Player 9 Series
- Microsoft Windows Media Player 9 Series for Windows XP
- Microsoft Windows Media Player 9 Series
- Microsoft Windows Media Player 9 Series
- Microsoft Windows Media Player 9 Series
Technical Updates
- June 27, 2003: The "File Information" section was updated.
- July 1, 2003: Updated the "Download Information" section to point to the correct download URL. No technical information was changed.
SYMPTOMS
With Windows Media Player 9 Series, a flaw in an ActiveX control might permit a Web page to gain access to your Media Library. An attacker who exploits this flaw can gain access only to manipulate the Media Library on your computer. The attacker cannot browse your hard disk and cannot gain access to passwords or encrypted data. Also, the attacker cannot modify actual files on the hard disk; the attacker can modify only the contents of the Media Library entries for those files.
RESOLUTION
Security Patch Information
Download Information
Windows XP, Windows 2000, Windows Millennium Edition, and Windows 98
The following file is available for download from the Microsoft Download Center:
Release Date: June 25, 2003
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
Windows Server 2003
The following file is available for download from the Microsoft Download Center:
![[GRAPHIC: Download]](/wiki/index.php?title=File:Download.gif){kind=small}
Download the 819639 package now. Release Date: June 25, 2003
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
Installation Information
This security patch supports the following Setup switches:
- /?: Shows the list of installation switches.
- /q: Specifies Quiet mode (no user intervention).
- /q:u: Specifies User-Quiet mode, which presents some dialog boxes to the user.
- /q:a: Specifies Administrator-Quiet mode, which does not present any dialog boxes to the user.
- /t:
full path: Specifies the temporary working folder. - /c: Extracts the files without running Setup when used with /t.
- /c:
cmd: Override the installation command that was defined by the author. - /r:n: Never restarts the computer after installation.
- /r:i: Restart the computer if necessary. Automatically restarts the computer if it is necessary to complete the installation.
- /r:a: Always restarts the computer after installation.
To verify that the security patch is installed on your computer, confirm that the following registry key exists:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Player\wm819639
Deployment Information
To install the security patch without any user intervention, use the following command:
windowsmedia9-kb819639-x86-enu /q:a
To install the security patch without forcing the computer to restart, use the following command:
windowsmedia9-kb819639-x86-enu /r:n
Note You can combine these switches in one command.
For information about how to deploy this security patch with Microsoft Software Update Services, visit the following Microsoft Web site:
Restart Requirement
You do not have to restart your computer after you apply this security patch.
Removal Information
You cannot remove this security patch if you are using Microsoft Windows XP, Microsoft Windows 2000, Microsoft Windows Millennium Edition (Me), or Microsoft Windows 98 Second Edition. The Setup technology in these versions of Windows does not support removing the security patch. To remove this security patch if you are running Microsoft Windows Server 2003, use the Add or Remove Programs tool in Control Panel.
Security Patch Replacement Information
This security patch does not replace any other hotfixes.
File Information
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name ---------------------------------------------------- 06-Jun-2003 00:50 9.0.0.3008 4,653,056 Wmp.dll
Files to Support Installation
The following file is included to support installing the security patch.
Date Time Size File name --------------------------------------- 06-Jun-2003 22:26 1,566 Wm819639.inf
Files for File-Dependency Reasons
The following files are included because of file dependencies.
Date Time Version Size File name ---------------------------------------------------- 18-Aug-2001 02:43 6.0.2600.0 91,136 Advpack.dll 06-Jun-2000 20:43 4.71.704.0 2,272 W95inf16.dll 06-Jun-2000 20:43 4.71.16.0 4,608 W95inf32.dll
STATUS
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article.
MORE INFORMATION
For more information about this vulnerability, visit the following Microsoft Web site:
Additional query words: security_patch
Keywords: kbsecvulnerability kbqfe kbsecurity kbwinxpsp2fix kbsecbulletin kbwinxppresp2fix kbwinserv2003presp1fix kbhotfixserver KB819639
