cve-2003-0604
Vulnerability from cvelistv5
Published
2003-07-29 04:00
Modified
2024-08-08 01:58
Severity ?
Summary
Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=105899261818572&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=105906867322856&w=2
cve@mitre.orghttp://marc.info/?l=ntbugtraq&m=105899408520292&w=2
cve@mitre.orghttp://marc.info/?l=ntbugtraq&m=105906261314411&w=2
cve@mitre.orghttp://www.malware.com/once.again%21.html
cve@mitre.orghttp://www.pivx.com/larholm/unpatched/
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=105899261818572&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=105906867322856&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=ntbugtraq&m=105899408520292&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=ntbugtraq&m=105906261314411&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.malware.com/once.again%21.html
af854a3a-2127-422b-91ae-364da2661108http://www.pivx.com/larholm/unpatched/
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:58:11.095Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030723 Re: Drivial Pursuit: Internet Explorer Browser \u0026 Your Files and Folders !",
            "tags": [
              "mailing-list",
              "x_refsource_NTBUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=ntbugtraq\u0026m=105906261314411\u0026w=2"
          },
          {
            "name": "20030723 Drivial Pursuit: Internet Explorer Browser \u0026 Your Files and Folders !",
            "tags": [
              "mailing-list",
              "x_refsource_NTBUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=ntbugtraq\u0026m=105899408520292\u0026w=2"
          },
          {
            "name": "20030723 Drivial Pursuit: Internet Explorer Browser \u0026 Your Files and Folders !",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=105899261818572\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.pivx.com/larholm/unpatched/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.malware.com/once.again%21.html"
          },
          {
            "name": "20030723 Re: Drivial Pursuit: Internet Explorer Browser \u0026 Your Files and Folders !",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=105906867322856\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-07-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030723 Re: Drivial Pursuit: Internet Explorer Browser \u0026 Your Files and Folders !",
          "tags": [
            "mailing-list",
            "x_refsource_NTBUGTRAQ"
          ],
          "url": "http://marc.info/?l=ntbugtraq\u0026m=105906261314411\u0026w=2"
        },
        {
          "name": "20030723 Drivial Pursuit: Internet Explorer Browser \u0026 Your Files and Folders !",
          "tags": [
            "mailing-list",
            "x_refsource_NTBUGTRAQ"
          ],
          "url": "http://marc.info/?l=ntbugtraq\u0026m=105899408520292\u0026w=2"
        },
        {
          "name": "20030723 Drivial Pursuit: Internet Explorer Browser \u0026 Your Files and Folders !",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=105899261818572\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.pivx.com/larholm/unpatched/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.malware.com/once.again%21.html"
        },
        {
          "name": "20030723 Re: Drivial Pursuit: Internet Explorer Browser \u0026 Your Files and Folders !",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=105906867322856\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0604",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030723 Re: Drivial Pursuit: Internet Explorer Browser \u0026 Your Files and Folders !",
              "refsource": "NTBUGTRAQ",
              "url": "http://marc.info/?l=ntbugtraq\u0026m=105906261314411\u0026w=2"
            },
            {
              "name": "20030723 Drivial Pursuit: Internet Explorer Browser \u0026 Your Files and Folders !",
              "refsource": "NTBUGTRAQ",
              "url": "http://marc.info/?l=ntbugtraq\u0026m=105899408520292\u0026w=2"
            },
            {
              "name": "20030723 Drivial Pursuit: Internet Explorer Browser \u0026 Your Files and Folders !",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=105899261818572\u0026w=2"
            },
            {
              "name": "http://www.pivx.com/larholm/unpatched/",
              "refsource": "MISC",
              "url": "http://www.pivx.com/larholm/unpatched/"
            },
            {
              "name": "http://www.malware.com/once.again!.html",
              "refsource": "MISC",
              "url": "http://www.malware.com/once.again!.html"
            },
            {
              "name": "20030723 Re: Drivial Pursuit: Internet Explorer Browser \u0026 Your Files and Folders !",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=105906867322856\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0604",
    "datePublished": "2003-07-29T04:00:00",
    "dateReserved": "2003-07-25T00:00:00",
    "dateUpdated": "2024-08-08T01:58:11.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_media_player:7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5C9557F-DCBF-48BA-9045-AA5DF58F604A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_media_player:8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86922230-F654-4324-BE2F-C953B04E5EED\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.\"}, {\"lang\": \"es\", \"value\": \"Windows Media Player (WMP) 7 y 8, corriendo en Internet Explorer y posiblemente otros productos de Microsoft que procesan HTML, permite a atacantes remotos saltarse restricciones de zona y acceder o ejecutar ficheros arbitrarios mediante una etiqueta IFRAME apuntando a un fichero ADF cuyo \\\"Content-location\\\" contiene una URL de tipo \\\"File://\\\".\"}]",
      "id": "CVE-2003-0604",
      "lastModified": "2024-11-20T23:45:07.317",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2003-08-27T04:00:00.000",
      "references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=105899261818572\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=105906867322856\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=ntbugtraq\u0026m=105899408520292\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=ntbugtraq\u0026m=105906261314411\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.malware.com/once.again%21.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.pivx.com/larholm/unpatched/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=105899261818572\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=105906867322856\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=ntbugtraq\u0026m=105899408520292\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=ntbugtraq\u0026m=105906261314411\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.malware.com/once.again%21.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.pivx.com/larholm/unpatched/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2003-0604\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-08-27T04:00:00.000\",\"lastModified\":\"2024-11-20T23:45:07.317\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.\"},{\"lang\":\"es\",\"value\":\"Windows Media Player (WMP) 7 y 8, corriendo en Internet Explorer y posiblemente otros productos de Microsoft que procesan HTML, permite a atacantes remotos saltarse restricciones de zona y acceder o ejecutar ficheros arbitrarios mediante una etiqueta IFRAME apuntando a un fichero ADF cuyo \\\"Content-location\\\" contiene una URL de tipo \\\"File://\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_player:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5C9557F-DCBF-48BA-9045-AA5DF58F604A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_player:8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86922230-F654-4324-BE2F-C953B04E5EED\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=105899261818572\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=105906867322856\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=ntbugtraq\u0026m=105899408520292\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=ntbugtraq\u0026m=105906261314411\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.malware.com/once.again%21.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.pivx.com/larholm/unpatched/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=105899261818572\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=105906867322856\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=ntbugtraq\u0026m=105899408520292\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=ntbugtraq\u0026m=105906261314411\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.malware.com/once.again%21.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.pivx.com/larholm/unpatched/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.