CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.4%
Microsoft Media Player contains a vulnerability in the parsing of “Skin Files” that may permit a remote attacker to download arbitrary files to a known location on the local system.
Microsoft Media Player is an application that plays various types of media files. The user can customize the appearance of Microsoft’s Media Player through the use of skin files. Skin files can be created and downloaded from the Internet. Microsoft’s Media Player uses XML to determine the location of these files.
A directory traversal vulnerability exists in Microsoft Media Player 7.1 (for Windows 98, 98SE, ME, 2000) and 8.0 (Windows XP) when parsing of an XML file specifying the location of a skin file. The XML parser fails to recognize hex encoded characters that can permit an attacker to exit the temporary directory, and place files in a known location on the system.
Exploitation of this vulnerability may permit a remote attacker to download a malicious file to a known location on the local system or any mounted network drives that the current user has access to. These files may be programs, configuration files, or various other types of files. The attacker must trick the user into visiting the malicious website in order to exploit this vulnerability.
For more details, please see Microsoft’s Advisory MS03-017.
A remote attacker may be able to download arbitrary files to the system in a known location. If the file is placed in the “Start Up” folder, or used in conjunction with other vulnerabilities (such as VU#626395, VU#25249 or VU#489721), the attacker may then be able to execute arbitrary code on the system.
Microsoft has released patches for versions 7.1 and 8.0 in MS03-017 to address this issue.
Microsoft Media Player 9 is not affected by this vulnerability.
384932
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: May 07, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
For more details, please see Microsoft’s Advisory MS03-017.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23384932 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Jouko Pynnonen for reporting this vulnerability and Microsoft for addressing this issue.
This document was written by Jason A Rafail.
CVE IDs: | CVE-2003-0228 |
---|---|
Severity Metric: | 18.98 Date Public: |