exploits , vulnerabilities , articles , Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability

Title	Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
Published	2004-07-12-12:00AM
Updated	2004-07-12-05:45PM
Class	Input Validation Error
CVE	CAN-2004-0726
Remote	Yes
Local	No
Credit	Discovery is credited to Paul <paul@greyhats.cjb.net>.
Vulnerable	Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server Avaya DefinityOne Media Servers Avaya IP600 Media Servers Avaya S3400 Message Application Server Avaya S8100 Media Servers Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server
Not Vulnerable
Code	A proof of concept is available from the following location: http://freehost07.websamba.com/greyhats/asxvuln.htm
TXT