CVE-1999-1110

Windows Media Player <5.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1110. PoCs published by Georgi Guninski.

AI-analyzed exploit summary This exploit demonstrates an information leakage vulnerability in the Windows Media Player ActiveX control shipped with Internet Explorer 5.0. By attempting to load a local file and checking the returned error code, an attacker can determine whether the file exists on the victim's system.

Description

Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Georgi Guninski · textremotewindows
https://www.exploit-db.com/exploits/19618

This exploit demonstrates an information leakage vulnerability in the Windows Media Player ActiveX control shipped with Internet Explorer 5.0. By attempting to load a local file and checking the returned error code, an attacker can determine whether the file exists on the victim's system.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Internet Explorer 5.0 with Windows Media Player ActiveX control
No auth needed
Prerequisites: Victim must be using Internet Explorer 5.0 with the vulnerable ActiveX control enabled · Victim must visit a malicious webpage or open a malicious HTML file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/793
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/34675

Scores

EPSS 0.0982
EPSS Percentile 94.9%

Details

Status published
Products (1)
microsoft/internet_explorer 5.0
Published Nov 14, 1999
Tracked Since Feb 18, 2026