Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1325 — Microsoft Windows Media Player vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

44.9%

top 2.41%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows Media Player

Timeline

PublishedDec 18

Latest updateApr 29

Description

The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/windows_media_player9

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-vmqr-c49v-3hhp: The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9↗2022-04-29

▶

CVEList

CVE-2004-1325: The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9↗2005-01-06

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows Media Player 9.0 - ActiveX Control File Enumeration↗2004-12-18

▶