Vulnerability Description
The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Media Player | 9 |
References
- http://marc.info/?l=bugtraq&m=110352518211306&w=2
- http://www.securityfocus.com/bid/12032ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18587
- http://marc.info/?l=bugtraq&m=110352518211306&w=2
- http://www.securityfocus.com/bid/12032ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18587
FAQ
What is CVE-2004-1325?
CVE-2004-1325 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote att...
How severe is CVE-2004-1325?
CVE-2004-1325 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1325?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Media Player.