Vulnerability Details CVE-2003-0604
Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.084
EPSS Ranking 91.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=105899261818572&w=2
- http://marc.info/?l=bugtraq&m=105906867322856&w=2
- http://marc.info/?l=ntbugtraq&m=105899408520292&w=2
- http://marc.info/?l=ntbugtraq&m=105906261314411&w=2
- http://www.malware.com/once.again%21.html
- http://www.pivx.com/larholm/unpatched/
- http://marc.info/?l=bugtraq&m=105899261818572&w=2
- http://marc.info/?l=bugtraq&m=105906867322856&w=2
- http://marc.info/?l=ntbugtraq&m=105899408520292&w=2
- http://marc.info/?l=ntbugtraq&m=105906261314411&w=2
- http://www.malware.com/once.again%21.html
- http://www.pivx.com/larholm/unpatched/
Products affected by CVE-2003-0604
-
cpe:2.3:a:microsoft:windows_media_player:7
-
cpe:2.3:a:microsoft:windows_media_player:8