CVE-2004-1325 : The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Medi

The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system.

Published 2004-12-18 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2004-1325

Microsoft » Windows Media Player » Version: 9
cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-1325

EPSS FAQ

44.55%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-1325

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2004-1325

https://exchange.xforce.ibmcloud.com/vulnerabilities/18587

Microsoft Windows Media Player ActiveX object reveals existence of files CVE-2004-1325 Vulnerability Report
http://marc.info/?l=bugtraq&m=110352518211306&w=2

CVEs referencing this url
http://www.securityfocus.com/bid/12032

Exploit;Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2004-1325

Products affected by CVE-2004-1325

Exploit prediction scoring system (EPSS) score for CVE-2004-1325

CVSS scores for CVE-2004-1325

References for CVE-2004-1325