CVE-2003-0604

Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=105899261818572&w=2
http://marc.info/?l=bugtraq&m=105906867322856&w=2
http://marc.info/?l=ntbugtraq&m=105899408520292&w=2
http://marc.info/?l=ntbugtraq&m=105906261314411&w=2
http://www.malware.com/once.again%21.html
http://www.pivx.com/larholm/unpatched/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:windows_media_player:7:::::::*
	cpe:2.3:a:microsoft:windows_media_player:8:::::::*

History

07 Nov 2023, 01:56

Type	Values Removed	Values Added
References	~~{'url': 'http://www.malware.com/once.again!.html', 'name': 'http://www.malware.com/once.again!.html', 'tags': [], 'refsource': 'MISC'}~~	() http://www.malware.com/once.again%21.html -

Information

Published : 2003-08-27 04:00

Updated : 2024-02-28 10:24

NVD link : CVE-2003-0604

Mitre link : CVE-2003-0604

CVE.ORG link : CVE-2003-0604

JSON object : View

Products Affected

microsoft

windows_media_player

CWE

NVD-CWE-Other

{"id": "CVE-2003-0604", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2003-08-27T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=105899261818572&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=105906867322856&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=ntbugtraq&m=105899408520292&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=ntbugtraq&m=105906261314411&w=2", "source": "cve@mitre.org"}, {"url": "http://www.malware.com/once.again%21.html", "source": "cve@mitre.org"}, {"url": "http://www.pivx.com/larholm/unpatched/", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL."}, {"lang": "es", "value": "Windows Media Player (WMP) 7 y 8, corriendo en Internet Explorer y posiblemente otros productos de Microsoft que procesan HTML, permite a atacantes remotos saltarse restricciones de zona y acceder o ejecutar ficheros arbitrarios mediante una etiqueta IFRAME apuntando a un fichero ADF cuyo \"Content-location\" contiene una URL de tipo \"File://\"."}], "lastModified": "2023-11-07T01:56:19.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_media_player:7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5C9557F-DCBF-48BA-9045-AA5DF58F604A"}, {"criteria": "cpe:2.3:a:microsoft:windows_media_player:8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86922230-F654-4324-BE2F-C953B04E5EED"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}