Vulnerability Description
Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Media Player | 7 |
References
- http://marc.info/?l=bugtraq&m=105899261818572&w=2
- http://marc.info/?l=bugtraq&m=105906867322856&w=2
- http://marc.info/?l=ntbugtraq&m=105899408520292&w=2
- http://marc.info/?l=ntbugtraq&m=105906261314411&w=2
- http://www.malware.com/once.again%21.html
- http://www.pivx.com/larholm/unpatched/
- http://marc.info/?l=bugtraq&m=105899261818572&w=2
- http://marc.info/?l=bugtraq&m=105906867322856&w=2
- http://marc.info/?l=ntbugtraq&m=105899408520292&w=2
- http://marc.info/?l=ntbugtraq&m=105906261314411&w=2
- http://www.malware.com/once.again%21.html
- http://www.pivx.com/larholm/unpatched/
FAQ
What is CVE-2003-0604?
CVE-2003-0604 is a vulnerability with a CVSS score of 7.5 (HIGH). Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute a...
How severe is CVE-2003-0604?
CVE-2003-0604 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0604?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Media Player.