Vulnerabilities > CVE-2002-0373 - Privilege Escalation vulnerability in Microsoft Windows Media Player 7.1

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
microsoft
nessus

Summary

The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".

Vulnerable Configurations

Part Description Count
Application
Microsoft
1

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS02-032.NASL
descriptionThe remote version of Windows Media Player is affected by various flaws : - A remote attacker may be able to execute arbitrary code when sending a badly formed file. - A local attacker may gain SYSTEM privileges.
last seen2017-10-29
modified2017-08-30
plugin id11302
published2003-03-01
reporterTenable
sourcehttps://www.tenable.com/plugins/index.php?view=single&id=11302
titleMS02-032: Cumulative patch for Windows Media Player (320920)
code
#%NASL_MIN_LEVEL 999999

#
# (C) Tenable Network Security, Inc.
#

# Fixed in Windows XP SP1
#
# Vulnerable versions :
# 	Media Player in Windows XP preSP1
# 	Media Player 6.4
#	Media Player 7.1
#
# Supercedes MS01-056
#
# @DEPRECATED@

include("compat.inc");

if (description)
{
 script_id(11302);
 script_version("1.38");
 script_cvs_date("Date: 2018/08/13 14:32:39");

 script_cve_id("CVE-2002-0372", "CVE-2002-0373", "CVE-2002-0615");
 script_bugtraq_id(5107, 5109, 5110);
 script_xref(name:"MSFT", value:"MS02-032");
 script_xref(name:"MSKB", value:"320920");

 script_name(english:"MS02-032: Cumulative patch for Windows Media Player (320920)");
 script_summary(english:"Checks the version of Media Player");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the media
player.");
 script_set_attribute(attribute:"description", value:
"The remote version of Windows Media Player is affected by various flaws :

  - A remote attacker may be able to execute arbitrary code
    when sending a badly formed file.

  - A local attacker may gain SYSTEM privileges.");
 script_set_attribute(attribute:"see_also", value:"https://technet.microsoft.com/library/security/ms02-032");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows XP.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");

 script_set_attribute(attribute:"vuln_publication_date", value:"2002/04/08");
 script_set_attribute(attribute:"patch_publication_date", value:"2002/06/26");
 script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/01");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:windows_media_player");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl");
 script_require_keys("SMB/Registry/Enumerated");
 script_require_ports(139, 445);
 exit(0);
}

# FP -> superseded by many other patches.
exit(0);