Information disclosure in Microsoft Windows Media Player

1) Information disclosure

EUVDB-ID: #VU15255

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-8481

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to Windows Media Player improperly discloses file information. A remote attacker can open a specially crafted hyperlink and determine the presence of files on disk.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 7 - 10 1809

Windows Server: 2008 - 2019 1803

CPE2.3

• cpe:2.3:o:microsoft:windows:8.1:*:*:*:*:*:*:*

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8481

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Information disclosure

EUVDB-ID: #VU15256

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-8482

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to Windows Media Player improperly discloses file information. A remote attacker can open a specially crafted hyperlink and determine the presence of files on disk.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 7 - 10 1809

Windows Server: 2008 - 2019 1803

CPE2.3

• cpe:2.3:o:microsoft:windows:8.1:*:*:*:*:*:*:*

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8482

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?