1. CVE-Search
  2. CVE-2002-0372
ID CVE-2002-0372
Summary Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:windows_media_player:-:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_media_player:-:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:windows_media_player:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_media_player:7.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2014-06-30T04:10:59.765-04:00
class vulnerability
contributors
  • name Tiffany Bergeron
    organization The MITRE Corporation
  • name Josh Turpin
    organization Symantec Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
description Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".
family windows
id oval:org.mitre.oval:def:281
status accepted
submitted 2003-11-26T12:00:00.000-04:00
title Cache Path Disclosure via Windows Media Player
version 68
refmap via4
bid 5107
xf mediaplayer-cache-code-execution(9420)
Last major update 30-10-2018 - 16:25
Published 03-07-2002 - 04:00
Last modified 30-10-2018 - 16:25
Back to Top