Vulnerability Details CVE-2003-1107
The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.084
EPSS Ranking 91.8%
CVSS Severity
CVSS v2 Score 5.1
References
- http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B828026
- http://www.kb.cert.org/vuls/id/222044
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13375
- http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B828026
- http://www.kb.cert.org/vuls/id/222044
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13375
Products affected by CVE-2003-1107
-
cpe:2.3:a:microsoft:windows_media_player:6.4
-
cpe:2.3:a:microsoft:windows_media_player:7
-
cpe:2.3:a:microsoft:windows_media_player:7.1
-
cpe:2.3:a:microsoft:windows_media_player:9