Lucene search

MitreCVE-2003-0604

HistoryAug 27, 2003 - 4:00 a.m.

CVE-2003-0604

2003-08-2704:00:00

mitre

web.nvd.nist.gov

windows media player

wmp

zone restrictions

remote attackers

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.01

Percentile

83.9%

JSON

Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.

Affected configurations

Nvd

Node

microsoftwindows_media_playerMatch7

microsoftwindows_media_playerMatch8

VendorProductVersionCPE
microsoftwindows_media_player7cpe:2.3:a:microsoft:windows_media_player:7:*:*:*:*:*:*:*
microsoftwindows_media_player8cpe:2.3:a:microsoft:windows_media_player:8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_media_player	7	cpe:2.3:a:microsoft:windows_media_player:7:::::::*
microsoft	windows_media_player	8	cpe:2.3:a:microsoft:windows_media_player:8:::::::*

References

marc.info/?l=bugtraq&m=105899261818572&w=2

marc.info/?l=bugtraq&m=105906867322856&w=2

marc.info/?l=ntbugtraq&m=105899408520292&w=2

marc.info/?l=ntbugtraq&m=105906261314411&w=2

www.malware.com/once.again%21.html

www.pivx.com/larholm/unpatched/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.01

Percentile

83.9%

JSON

Related for CVE-2003-0604