Lucene search

[email protected]CVE-2003-0604

HistoryAug 27, 2003 - 4:00 a.m.

CVE-2003-0604

2003-08-2704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

windows media player

wmp

zone restrictions

remote attackers

security vulnerability

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.7%

JSON

Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.

CPENameOperatorVersion
microsoft:windows_media_playermicrosoft windows media playereq7
microsoft:windows_media_playermicrosoft windows media playereq8

CPE	Name	Operator	Version
microsoft:windows_media_player	microsoft windows media player	eq	7
microsoft:windows_media_player	microsoft windows media player	eq	8

References

marc.info/?l=bugtraq&m=105899261818572&w=2

marc.info/?l=bugtraq&m=105906867322856&w=2

marc.info/?l=ntbugtraq&m=105899408520292&w=2

marc.info/?l=ntbugtraq&m=105906261314411&w=2

www.malware.com/once.again%21.html

www.pivx.com/larholm/unpatched/

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.7%

JSON