Описание
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.
Ссылки
- US Government Resource
- ExploitPatchVendor Advisory
- US Government Resource
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:windows_media_player:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_player:7.1:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.75024
Высокий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.
EPSS
Процентиль: 99%
0.75024
Высокий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other