Is there any chunk of code that users can trust on their systems? It's clear that computer users can't read E-mail, instant message, or Web surf without worrying about hackers launching malicious code on their system. And now, listening to music and watching streaming video can be added to that list.
Microsoft security bulletin MS01-029 warns MS Media Player users that versions 6.4 or 7.0 have a vulnerability that "potentially" lets attackers run the code of their choice. The bulletin advises users of version 6.4 to install a patch immediately, and users of version 7.0 to upgrade to 7.1. Older, or unsupported, versions of Media Player may or may not possess the same vulnerability, so tune in at your own risk.
The vulnerability stems from the Windows Media Player Active Stream Redirector processor. An unchecked buffer there can be overrun, enabling an attacker to run virtually anything on a victim's machine. All that an attacker needs to do is send malicious code through E-mail or a Web-site link, and find a way to persuade the victim to click on the link.
Users of Media Player 6.4 and 7.0 are better off clicking on microsoft.com/technet/security/bulletin/MS01-029.asp and grabbing the appropriate fix.