Vulnerabilities > CVE-2002-0372 - Path Disclosure vulnerability in Windows Media Player IE Cache
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS02-032.NASL |
description | The remote version of Windows Media Player is affected by various flaws : - A remote attacker may be able to execute arbitrary code when sending a badly formed file. - A local attacker may gain SYSTEM privileges. |
last seen | 2017-10-29 |
modified | 2017-08-30 |
plugin id | 11302 |
published | 2003-03-01 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=11302 |
title | MS02-032: Cumulative patch for Windows Media Player (320920) |
code |
|
Oval
accepted | 2014-06-30T04:10:59.765-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
description | Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player". | ||||||||||||
family | windows | ||||||||||||
id | oval:org.mitre.oval:def:281 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2003-11-26T12:00:00.000-04:00 | ||||||||||||
title | Cache Path Disclosure via Windows Media Player | ||||||||||||
version | 68 |