Microsoft Windows Media Player Information Disclosure Vulnerability



A vulnerability in Microsoft Windows Media Player could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

The vulnerability exists because the affected software will improperly disclose the presence of arbitrary files on disk when handling user-supplied input. An attacker could exploit the vulnerability by persuading a user to access a link that submits malicious input to the affected software. A successful exploit could allow the attacker to access sensitive information on the targeted system, which could be used to conduct additional attacks.

Microsoft confirmed the vulnerability and released software updates.

Security Impact Rating: Low

CVE: CVE-2018-8482

Source:: Cisco Multivendor Vulnerability Alerts