Who should read this bulletin: Customers using Microsoft® Windows Media™ Player 6.4, 7.1 or Windows Media Player for Windows XP.

Impact of vulnerability: Three vulnerabilities, first reported on June 26 2002, the most serious of which could be used to run code of attacker's choice.

Maximum Severity Rating: Critical

Recommendation: Customers running affected products should apply the patch immediately. Customers who are still running Windows Media Player 7.0 should upgrade to Windows Media Player 7.1 first and then apply the patch immediately.

Affected Software:

Microsoft Windows Media Player 6.4
Microsoft Windows Media Player 7.1
Microsoft Windows Media Player for Windows XP

Technical description:

On June 26, 2002, Microsoft released the original version of this bulletin, which described the patch it provided as being cumulative. We subsequently discovered that a file had been inadvertently omitted from the patch. While the omission had no effect on the effectiveness of the patch against the new vulnerabilities discussed below, it did mean that the patch was not cumulative. Specifically, the original patch did not include all of the fixes discussed in Microsoft Security Bulletin MS01-056. We have repackaged the patch to include the file and are re-releasing it to ensure that it truly is cumulative.

Actual description:


Full info: