Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Expected Exploit For Windows Media Player Flaw Hits

UPDATE: This story was updated at 4:54PM ET Thursday.

An exploit against the Windows Media Player vulnerability disclosed by Microsoft two days ago is nearly finished, a security company said Thursday, and may be only hours away from hitting unpatched users.

The bug, which was made public Tuesday in security bulletin MS06-005, allows attackers armed with malicious .bmp image files to hijack Windows PCs.

"There are two exploits circulating," said Mike Puterbaugh, the vice president of marketing at eEye Digital Security, the Aliso Viejo, Calif.-based company which first uncovered the Media Player vulnerability.

"One is somewhat minor, and can cause a denial-of-service, but the second we're taking far more seriously," said Puterbaugh. "It's 95 percent there as a propagated mass attack.

  • 1