This article is more than 1 year old
MS Media Player gives up your box
Don't worry, they fixed it before you were rooted
If there's one thing that occasionally tempts me to miss Windows, it's the mediocre multimedia support in Linux. But then again, my media player doesn't allow remote attackers to own my box. It's a trade-off, I'll allow.
Yesterday MS 'fessed up to three new holes in WMP, the most serious of which allows remote evildoers to run arbitrary code on your priceless Windoze machine.
However, and we'll quote Redmond directly, the remaining two are hardly benign. We have:
"A privilege-elevation vulnerability that could enable an attacker who can physically logon locally to a Windows 2000 machine and run a program to obtain the same rights as the operating system."
And "a script-execution vulnerability related that could run a script of an attacker's choice as if the user had chosen to run it after playing a specially formed media file and then viewing a specially constructed Web page. This particular vulnerability has specific timing requirements that makes attempts to exploit vulnerability difficult and is rated as low severity."
"Specific timing requirements" in this case means that unless you do precisely what you're told by your pal in MSM, you won't get nailed. You have to play a file, close WMP and then hit a malicious Web site. Naturally, you'd never do that.
There's a cumulative patch posted here, with additional details.