CVE-2001-0148

Windows Media Player 7 - RCE

Title source: llm

Description

The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Georgi Guninski · htmlremotewindows

https://www.exploit-db.com/exploits/20528

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/6227

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015

[Exploit, Patch, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2001-01/0000.html

Scores

EPSS 0.1366

EPSS Percentile 94.3%

Details

Status published

Products (1)

microsoft/windows_media_player 7

Published Jun 02, 2001

Tracked Since Feb 18, 2026