Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1324 — Microsoft Windows Media Player vulnerability

4 documents4 sources

Severity

2.6LOWNVD

EPSS

16.7%

top 5.05%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows Media Player

Timeline

PublishedDec 18

Latest updateApr 29

Description

The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/windows_media_player9

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-m42j-v8jp-9cwc: The Microsoft Windows Media Player 9↗2022-04-29

▶

CVEList

CVE-2004-1324: The Microsoft Windows Media Player 9↗2005-01-06

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows Media Player 9.0 - ActiveX Control Media File Attribute Corruption↗2004-12-18

▶