CVE-2001-0137

Windows Media Player 7 - RCE

Title source: llm

Description

Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Georgi Guninski · htmlremotewindows

https://www.exploit-db.com/exploits/20553

View Code ZIP pw:eip

References (4)

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/2203

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-010

[Mailing List] http://marc.info/?l=bugtraq&m=97958100816503&w=2

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/5937

Scores

EPSS 0.0739

EPSS Percentile 91.7%

Details

Status published

Products (1)

microsoft/windows_media_player 7

Published Mar 12, 2001

Tracked Since Feb 18, 2026