CVE-2003-1107 — Microsoft Windows Media Player vulnerability

3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

7.4%

top 8.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Media Player

Timeline

PublishedDec 31

Latest updateApr 29

Description

The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_media_player4 versions+3

🔴Vulnerability Details

GHSA

GHSA-r9v6-26x9-xcw6: The DHTML capability in Microsoft Windows Media Player (WMP) 6↗2022-04-29

▶

CVEList

CVE-2003-1107: The DHTML capability in Microsoft Windows Media Player (WMP) 6↗2005-03-11

▶