Vulnerabilities > CVE-2002-0372 - Path Disclosure vulnerability in Windows Media Player IE Cache

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
nessus
NVD
Published: 2002-07-03
Updated: 2018-10-30

Summary

Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".

Vulnerable Configurations

Part Description Count
Application
Microsoft
3

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS02-032.NASL
descriptionThe remote version of Windows Media Player is affected by various flaws : - A remote attacker may be able to execute arbitrary code when sending a badly formed file. - A local attacker may gain SYSTEM privileges.
last seen2017-10-29
modified2017-08-30
plugin id11302
published2003-03-01
reporterTenable
sourcehttps://www.tenable.com/plugins/index.php?view=single&id=11302
titleMS02-032: Cumulative patch for Windows Media Player (320920)
code
#%NASL_MIN_LEVEL 999999

#
# (C) Tenable Network Security, Inc.
#

# Fixed in Windows XP SP1
#
# Vulnerable versions :
# 	Media Player in Windows XP preSP1
# 	Media Player 6.4
#	Media Player 7.1
#
# Supercedes MS01-056
#
# @DEPRECATED@

include("compat.inc");

if (description)
{
 script_id(11302);
 script_version("1.38");
 script_cvs_date("Date: 2018/08/13 14:32:39");

 script_cve_id("CVE-2002-0372", "CVE-2002-0373", "CVE-2002-0615");
 script_bugtraq_id(5107, 5109, 5110);
 script_xref(name:"MSFT", value:"MS02-032");
 script_xref(name:"MSKB", value:"320920");

 script_name(english:"MS02-032: Cumulative patch for Windows Media Player (320920)");
 script_summary(english:"Checks the version of Media Player");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the media
player.");
 script_set_attribute(attribute:"description", value:
"The remote version of Windows Media Player is affected by various flaws :

  - A remote attacker may be able to execute arbitrary code
    when sending a badly formed file.

  - A local attacker may gain SYSTEM privileges.");
 script_set_attribute(attribute:"see_also", value:"https://technet.microsoft.com/library/security/ms02-032");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows XP.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");

 script_set_attribute(attribute:"vuln_publication_date", value:"2002/04/08");
 script_set_attribute(attribute:"patch_publication_date", value:"2002/06/26");
 script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/01");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:windows_media_player");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl");
 script_require_keys("SMB/Registry/Enumerated");
 script_require_ports(139, 445);
 exit(0);
}

# FP -> superseded by many other patches.
exit(0);

Oval

accepted2014-06-30T04:10:59.765-04:00
classvulnerability
contributors
  • nameTiffany Bergeron
    organizationThe MITRE Corporation
  • nameJosh Turpin
    organizationSymantec Corporation
  • nameMaria Mikhno
    organizationALTX-SOFT
descriptionMicrosoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".
familywindows
idoval:org.mitre.oval:def:281
statusaccepted
submitted2003-11-26T12:00:00.000-04:00
titleCache Path Disclosure via Windows Media Player
version68

References