Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-1112 — Microsoft Windows Media Player vulnerability

4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

2.0%

top 16.30%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows Media Player

Timeline

PublishedJan 9

Latest updateApr 30

Description

Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_media_player6.4, 7+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-3mjq-qmqc-xrrv: Microsoft Windows Media Player 7 executes scripts in custom skin (↗2022-04-30

▶

CVEList

CVE-2000-1112: Microsoft Windows Media Player 7 executes scripts in custom skin (↗2001-01-22

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows Media Player 7.0 - '.wms' Arbitrary Script (MS00-090)↗2000-11-22

▶