CVE-2003-0604

high

Description

Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.

References

http://www.pivx.com/larholm/unpatched/

http://www.malware.com/once.again%21.html

http://marc.info/?l=ntbugtraq&m=105906261314411&w=2

http://marc.info/?l=ntbugtraq&m=105899408520292&w=2

http://marc.info/?l=bugtraq&m=105906867322856&w=2

http://marc.info/?l=bugtraq&m=105899261818572&w=2

Details

Source: Mitre, NVD

Published: 2003-08-27

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.1111