CVE-2004-1325

Microsoft Windows Media Player 9.0 - Info Disclosure

Title source: llm

Description

The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Arman Nayyeri · htmlremotewindows

https://www.exploit-db.com/exploits/25032

View Code ZIP pw:eip

References (3)

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/12032

[Mailing List] http://marc.info/?l=bugtraq&m=110352518211306&w=2

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18587

Scores

EPSS 0.4486

EPSS Percentile 97.6%

Details

Status published

Products (1)

microsoft/windows_media_player 9

Published Dec 18, 2004

Tracked Since Feb 18, 2026