File Existence Disclosure Vulnerability in Windows Media Player 9.0 ActiveX Control

File Existence Disclosure Vulnerability in Windows Media Player 9.0 ActiveX Control

CVE-2004-1325 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system.

Learn more about our Web Application Penetration Testing UK.