Windows Media Player WMDM Privilege Escalation Vulnerability

A privilege escalation vulnerability has been reported that will allow an attacker with local log-on privileges to gain access under the privilege level of the operating system itself.

This vulnerabilty only affects Windows Media Player 7.1 on Windows 2000 systems, other Windows versions are not affected. The flaw lies in the use by Windows Media Device Manager (WMDM). The WMDM will sometimes fail to recognize an invalid device request. If that request is for a specific device, WMDM processes it under the context of Local System.

Direct physical access is required and Terminal service logins are not affected by this vulnerability.


Privacy Statement
Copyright 2010, SecurityFocus