Unrated severityNVD Advisory· Published Aug 27, 2003· Updated Apr 16, 2026

CVE-2003-0604

Description

Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.

Affected products

Microsoft/Windows Media Player2 versions
cpe:2.3:a:microsoft:windows_media_player:7:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:windows_media_player:7:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:windows_media_player:8:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvd
marc.infonvd
marc.infonvd
marc.infonvd
www.malware.com/once.again%21.htmlnvd
www.pivx.com/larholm/unpatched/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000