CVE-2001-0137

Windows Media Player 7 - Remote Code Execution via Malicious Skin File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0137. PoCs published by Georgi Guninski.

AI-analyzed exploit summary This exploit leverages a vulnerability in Microsoft Windows Media Player 7 and Internet Explorer to download and execute arbitrary Java code disguised as a skin file. The attack involves tricking the victim into visiting a malicious HTML page that downloads and executes a 'skin.wmz' file containing executable Java code.

Description

Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Georgi Guninski · htmlremotewindows

https://www.exploit-db.com/exploits/20553

View Code ZIP pw:eip

This exploit leverages a vulnerability in Microsoft Windows Media Player 7 and Internet Explorer to download and execute arbitrary Java code disguised as a skin file. The attack involves tricking the victim into visiting a malicious HTML page that downloads and executes a 'skin.wmz' file containing executable Java code.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows Media Player 7 and Internet Explorer

No auth needed

Prerequisites: Victim must visit a malicious HTML page · Windows Media Player 7 installed · Internet Explorer used as the browser

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2203

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-010

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=97958100816503&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/5937

Scores

EPSS 0.2217

EPSS Percentile 97.4%

Details

Status published

Products (1)

microsoft/windows_media_player 7

Published Mar 12, 2001

Tracked Since Feb 18, 2026