Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0228 — Path Traversal in Microsoft Windows Media Player

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

75.0%

top 1.13%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows Media Player

Timeline

PublishedMay 27

Latest updateApr 29

Description

Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_media_player7.1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-gq39-pwjr-jm43: Directory traversal vulnerability in Microsoft Windows Media Player 7↗2022-04-29

▶

CVEList

CVE-2003-0228: Directory traversal vulnerability in Microsoft Windows Media Player 7↗2003-05-08

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows Media Player 7.1 - Skin File Code Execution↗2003-05-07

▶