| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.4 | $0-$5k | 0.00 |
Summary
A vulnerability marked as problematic has been reported in Microsoft Windows 9. This affects an unknown part of the component Media Player. Performing a manipulation as part of Library results in privileges management. This vulnerability was named CVE-2003-0348. The attack may be initiated remotely. There is no available exploit. To fix this issue, it is recommended to deploy a patch.
Details
A vulnerability was found in Microsoft Windows 9 (Operating System). It has been classified as problematic. This affects an unknown code of the component Media Player. The manipulation as part of a Library leads to a privileges management vulnerability. CWE is classifying the issue as CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script.
The weakness was presented 06/25/2003 by Jelmer with Microsoft as MS03-021 (Website). It is possible to read the advisory at securiteam.com. This vulnerability is uniquely identified as CVE-2003-0348 since 05/28/2003. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.
The vulnerability scanner Nessus provides a plugin with the ID 11774 (MS03-021: Windows Media Player Library Access (819639)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins and running in the context l.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at microsoft.com.
The vulnerability is also documented in the databases at X-Force (12440), Tenable (11774), SecurityFocus (BID 8034†), OSVDB (10997†) and Secunia (SA9114†). Further details are available at microsoft.com. See VDB-124 for similar entry. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.6VulDB Meta Temp Score: 5.4
VulDB Base Score: 5.6
VulDB Temp Score: 5.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Privileges managementCWE: CWE-269 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 11774
Nessus Name: MS03-021: Windows Media Player Library Access (819639)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: microsoft.com
Timeline
05/28/2003 🔍06/25/2003 🔍
06/25/2003 🔍
06/25/2003 🔍
06/25/2003 🔍
06/26/2003 🔍
07/17/2003 🔍
07/24/2003 🔍
07/24/2003 🔍
04/09/2004 🔍
12/31/2024 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: MS03-021⛔
Researcher: Jelmer
Organization: Microsoft
Status: Confirmed
CVE: CVE-2003-0348 (🔍)
GCVE (CVE): GCVE-0-2003-0348
GCVE (VulDB): GCVE-100-123
CERT: 🔍
X-Force: 12440 - Microsoft Windows Media Player ActiveX control could disclose sensitive information, Medium Risk
SecurityFocus: 8034 - Microsoft Media Player 9 Unauthorized Media Library Access Vulnerability
Secunia: 9114 - Microsoft Windows Media Player ActiveX Media Library Manipulation, Less Critical
OSVDB: 10997 - Microsoft Windows Media Player ActiveX Control Unauthorized Media Library Manipulation
SecurityTracker: 1007057 - Microsoft Windows Media Player Access Control Flaw Lets Remote Users View, Modify, and Delete Media Library Metadata
SecuriTeam: securiteam.com
Vulnerability Center: 1458 - [MS03-021] Microsoft Media Player Allows Unauthorized Access to Media Library, Medium
Misc.: 🔍
See also: 🔍
Entry
Created: 06/25/2003 02:00Updated: 12/31/2024 04:39
Changes: 06/25/2003 02:00 (61), 04/05/2017 14:46 (35), 03/08/2021 12:18 (2), 12/31/2024 04:39 (15)
Complete: 🔍
Cache ID: 216:D3D:103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.