vendor:
Internet Explorer
by:
SecurityFocus
7.5
CVSS
HIGH
Media Player ActiveX Error Message Vulnerability
200
CWE
Product Name: Internet Explorer
Affected Version From: IE 5
Affected Version To: IE 5
Patch Exists: No
Related CWE: N/A
CPE: a:microsoft:internet_explorer:5.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 2000/Windows 95/Windows 98/Windows NT 4
2001
Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4 Media Player ActiveX Error Message Vulnerability
The Windows Media Player ActiveX control, shipped with IE 5, returns a specific error code if it is instructed to load a local file that does not exist. In this way, an attacker could determine whether or not a specified file on the victim's host exists. This could be used to determine user names and other facets of system configuration.
Mitigation:
Ensure that the Windows Media Player ActiveX control is not installed on the system.
