| Vulnerability Name: | CVE-2004-1324 (CCN-18576) | ||||||||
| Assigned: | 2004-12-18 | ||||||||
| Published: | 2004-12-18 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer. | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sat Dec 18 2004 - 01:43:55 CST MS Windows Media Player 9 Vulns (2) Source: MITRE Type: CNA CVE-2004-1324 Source: BUGTRAQ Type: UNKNOWN 20041218 MS Windows Media Player 9 Vulns (2) Source: CCN Type: Microsoft Download Center Web page Windows Media Player 10 Source: CCN Type: OSVDB ID: 12511 Microsoft Windows Media Player ActiveX Control setItemInfo() / getItemInfo() Arbitrary WMA File Manipulation Source: BID Type: Exploit, Patch, Vendor Advisory 12031 Source: CCN Type: BID-12031 Windows Media Player ActiveX Control Media File Attribute Corruption Weakness Source: XF Type: UNKNOWN mediaplayer-mp3-code-execution(18576) Source: XF Type: UNKNOWN mediaplayer-mp3-code-execution(18576) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||