CVE-2003-0604 — Microsoft Windows Media Player vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

8.4%

top 7.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Media Player

Timeline

PublishedAug 27

Latest updateApr 29

Description

Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_media_player7, 8+1

🔴Vulnerability Details

GHSA

GHSA-mmxr-cc8m-vj7g: Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers t↗2022-04-29

▶

CVEList

CVE-2003-0604: Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers t↗2003-07-29

▶