Description: Microsoft has issued an update for Microsoft Windows Media Player 9 to fix a vulnerability allowing malicious web sites to view and manipulate media library meta data.
The problem is that the ActiveX component fails to restrict what a web site can do with the media library, it is possible to view, delete and rename entries in the library. This does not allow web sites to delete or place files on the users system.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.