Arman Nayyeri

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Media Player version 9.0 Description: The issue allows remote attackers to execute arbitrary web script in the Local computer zone. This can occur via the `artist` or `song` fields of a music file when the file is processed using Internet Explorer. Recommendations: For Microsoft Windows Media Player version 9.0, consider disabling the ActiveX control temporarily to minimize the risk of exploitation. Restrict access to music files that could be used to trigger the issue until a fix is available.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Media Player version 9.0 Description: The issue allows remote attackers to determine the existence of files on the local system by utilizing the getItemInfoByAtom function in the ActiveX control, which returns a 0 if the file does not exist and the size of the file if the file exists. Recommendations: For Microsoft Windows Media Player version 9.0, consider disabling the getItemInfoByAtom function as a temporary workaround until a patch is available. Restrict access to the ActiveX control to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 5.5 through 6.0 **Description** The issue allows remote attackers to cause a denial of service due to memory consumption. This is achieved by using a small BMP file that has a large memory size, which causes the software to allocate memory based on the written memory size instead of the actual file size. **Recommendations** For Microsoft Internet Explorer versions 5.5 through 6.0, consider avoiding the use of BMP files with large memory sizes until a fix is available. As a temporary workaround, restrict access to potentially malicious BMP files to minimize the risk of exploitation.