Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Warining issued for exploit of patched flaw in Windows Media Player

Roland Dela Paz, a threat response engineer at Trend Micro, said in a blog post that researchers spotted malicious HTML being hosted that exploits the vulnerability and executes a trojan that includes rootkit functionality.

The flaw, a MIDI (musical instrument digital interface) remote code execution vulnerability (CVE-2012-0003), was patched by Microsoft in this month’s Patch Tuesday release. The vulnerability affects Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008, but not Windows 7 or Windows Server 2008 R2.

The attack is not widespread at the moment, but it is possible that other attackers will start exploiting the same vulnerability in the near future. Dela Paz recommended that users update their systems using the Microsoft patch.

"We'd like to reiterate that this is a publicly disclosed exploit. As such, we can expect similar attacks in the future”, the Trend Micro researcher wrote.

What’s Hot on Infosecurity Magazine?