CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
83.9%
Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | windows_media_player | 7 | cpe:2.3:a:microsoft:windows_media_player:7:*:*:*:*:*:*:* |
microsoft | windows_media_player | 8 | cpe:2.3:a:microsoft:windows_media_player:8:*:*:*:*:*:*:* |