- Description
- Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_media_player:7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5C9557F-DCBF-48BA-9045-AA5DF58F604A"
},
{
"criteria": "cpe:2.3:a:microsoft:windows_media_player:8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "86922230-F654-4324-BE2F-C953B04E5EED"
}
],
"operator": "OR"
}
]
}
]