Vulnerability Details : CVE-2003-1107

The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions.

Published 2003-12-31 05:00:00

Updated 2017-07-11 01:29:45

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2003-1107

Probability of exploitation activity in the next 30 days: 0.45%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2003-1107

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.1	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:P	4.9	6.4	[email protected]
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2003-1107

https://exchange.xforce.ibmcloud.com/vulnerabilities/13375
http://support.microsoft.com/default.aspx?scid=kb;en-us;828026

Patch
http://www.kb.cert.org/vuls/id/222044

US Government Resource

Products affected by CVE-2003-1107

Microsoft » Windows Media Player » Version: 7
cpe:2.3:a:microsoft:windows_media_player:7:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Media Player » Version: 6.4
cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Media Player » Version: 7.1
cpe:2.3:a:microsoft:windows_media_player:7.1:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Media Player » Version: 9
cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*
Matching versions