Vulnerability Name:

CVE-2001-0137 (CCN-5937)

Assigned:2001-01-15
Published:2001-01-15
Updated:2018-10-12
Summary:Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2001-0137

Source: BUGTRAQ
Type: UNKNOWN
20010115 Windows Media Player 7 and IE java vulnerability - executing arbitrary programs

Source: CCN
Type: Georgi Guninski Security Advisory #35
Windows Media Player 7 and IE java vulnerability - executing arbitrary programs

Source: CCN
Type: Microsoft Security Bulletin MS01-010 FAQ
Microsoft Security Bulletin (MS01-010): Frequently Asked Questions

Source: CCN
Type: Microsoft Security Bulletin MS01-010
Patch Available for "Windows Media Player Skins File Download" Vulnerability

Source: CCN
Type: OSVDB ID: 1725
Microsoft Windows Media Player .WMZ Arbitrary Java Applet

Source: BID
Type: Exploit, Patch, Vendor Advisory
2203

Source: CCN
Type: BID-2203
Microsoft Windows Media Player .WMZ Arbitrary Java Applet Vulnerability

Source: MS
Type: UNKNOWN
MS01-010

Source: XF
Type: UNKNOWN
win-mediaplayer-arbitrary-code(5937)

Source: XF
Type: UNKNOWN
win-mediaplayer-arbitrary-code(5937)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:windows_media_player:7:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:windows_media_player:7:*:*:*:*:*:*:*
  • AND
  • cpe:/a:microsoft:ie:*:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft windows media player 7
    microsoft windows media player 7
    microsoft ie *
    sun jre *