CVE-2004-1324

Microsoft Windows Media Player 9.0 - XSS

Title source: llm

Description

The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Arman Nayyeri · htmlremotewindows

https://www.exploit-db.com/exploits/25031

View Code ZIP pw:eip

References (3)

[Mailing List] http://marc.info/?l=bugtraq&m=110352518211306&w=2

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/12031

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18576

Scores

EPSS 0.1672

EPSS Percentile 95.0%

Details

Status published

Products (1)

microsoft/windows_media_player 9

Published Dec 18, 2004

Tracked Since Feb 18, 2026