CVE-2003-0604

Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.pivx.com/larholm/unpatched/
http://marc.info/?l=ntbugtraq&m=105899408520292&w=2
http://marc.info/?l=bugtraq&m=105899261818572&w=2
http://marc.info/?l=bugtraq&m=105906867322856&w=2
http://marc.info/?l=ntbugtraq&m=105906261314411&w=2
http://www.malware.com/once.again!.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:windows_media_player:8:::::::*
	cpe:2.3:a:microsoft:windows_media_player:7:::::::*

Information

Published : 2003-08-26 21:00

Updated : 2018-08-13 14:47

NVD link : CVE-2003-0604

Mitre link : CVE-2003-0604

JSON object : View

CWE

NVD-CWE-Other

Products Affected

microsoft

windows_media_player

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.pivx.com/larholm/unpatched/", "name": "http://www.pivx.com/larholm/unpatched/", "tags": [], "refsource": "MISC"}, {"url": "http://marc.info/?l=ntbugtraq&m=105899408520292&w=2", "name": "20030723 Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !", "tags": [], "refsource": "NTBUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=105899261818572&w=2", "name": "20030723 Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=105906867322856&w=2", "name": "20030723 Re: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=ntbugtraq&m=105906261314411&w=2", "name": "20030723 Re: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !", "tags": [], "refsource": "NTBUGTRAQ"}, {"url": "http://www.malware.com/once.again!.html", "name": "http://www.malware.com/once.again!.html", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-0604", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2003-08-27T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:windows_media_player:8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:windows_media_player:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-08-13T21:47Z"}

7.5 /10