Microsoft Windows Media Player 7.0 - .wms Arbitrary Script Vulnerability

2000-11-22T00:00:00
ID EDB-ID:20424
Type exploitdb
Reporter Sandro Gauci
Modified 2000-11-22T00:00:00

Description

Microsoft Windows Media Player 7.0 .WMS Arbitrary Script Vulnerability. CVE-2000-1112. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/1976/info

Windows Media Player is an application used for digital audio, and video content viewing.

It is possible for a user running Windows Media Player 7 to enable a skin (.wms) file and unknowingly execute an embedded malicious script. When a user attempts to retrieve a skin (.wms) file it is downloaded and resides on the user's local machine. If Windows Media Player is run with the malicious skin enabled, the Active X component would allow any arbitrary action to be achieved. Depending on internet security settings this vulnerability is also exploitable if the skin file in question resides on a web site. The script could automatically launch when a user visits the web site.

Execution of arbitrary scripts could make it possible for the malicious host to gain rights equivalent to those of the current user. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/20424.zip