CVE-2004-1325

Microsoft Windows Media Player 9.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1325. PoCs published by Arman Nayyeri.

AI-analyzed exploit summary This exploit leverages a file enumeration vulnerability in the Windows Media Player ActiveX control (CVE-2004-1325) by prompting the user for a file path and using the `getItemInfoByAtom` method to check file existence and size. It demonstrates an information leak that could aid further attacks.

Description

The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Arman Nayyeri · htmlremotewindows
https://www.exploit-db.com/exploits/25032

This exploit leverages a file enumeration vulnerability in the Windows Media Player ActiveX control (CVE-2004-1325) by prompting the user for a file path and using the `getItemInfoByAtom` method to check file existence and size. It demonstrates an information leak that could aid further attacks.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Windows Media Player 9
No auth needed
Prerequisites: User interaction (prompt input) · ActiveX enabled in browser · Windows Media Player 9 installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12032
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110352518211306&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18587

Scores

EPSS 0.1572
EPSS Percentile 96.4%

Details

Status published
Products (1)
microsoft/windows_media_player 9
Published Dec 18, 2004
Tracked Since Feb 18, 2026