Vulnerabilities in two Windows Media products could allow an attacker to take over a media server or view a user's media library, Microsoft has warned.
The server flaw creates a vulnerability in Windows 2000 server systems with Windows Media Services installed.
An unchecked buffer in a component that provides logging services for streaming media makes the system vulnerable to attacks, Microsoft said in Security Bulletin MS03-022.
Windows Media Services is an add-on to Windows 2000 which provides streaming audio and video services for use over corporate networks and the internet.
Microsoft rates this issue "important" and urges users to apply the patch released with the bulletin at the earliest available opportunity.
In a second security bulletin released this week, Microsoft warned of an information disclosure flaw in Windows Media Player 9 Series, the company's latest media player software. An attacker could get information on the media files a user stores on a PC. Microsoft deems this issue a "moderate" risk.
The flaw lies in a component called an ActiveX control which is meant to allow web page designers to embed a media player into a web page.
The control does not properly validate access to the information on the user's PC, Microsoft said in Security Bulletin MS03-021.
Microsoft has a four-tiered system for rating security issues. Vulnerabilities that could be exploited to allow malicious internet worms to spread without user action are rated critical.
Issues rated important could still expose user data or threaten system resources. Vulnerabilities rated moderate are hard to exploit because of factors such as default configuration or auditing, or difficulty of exploitation.
Joris Evers writes for IDG News Service