Vulnerabilities > CVE-2002-0615 - Unspecified vulnerability in Microsoft Excel and Office

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
nessus
NVD
Published: 2002-07-03
Updated: 2018-10-12

Summary

The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".

Vulnerable Configurations

Part Description Count
Application
Microsoft
7

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS02-032.NASL
descriptionThe remote version of Windows Media Player is affected by various flaws : - A remote attacker may be able to execute arbitrary code when sending a badly formed file. - A local attacker may gain SYSTEM privileges.
last seen2017-10-29
modified2017-08-30
plugin id11302
published2003-03-01
reporterTenable
sourcehttps://www.tenable.com/plugins/index.php?view=single&id=11302
titleMS02-032: Cumulative patch for Windows Media Player (320920)
code
#%NASL_MIN_LEVEL 999999

#
# (C) Tenable Network Security, Inc.
#

# Fixed in Windows XP SP1
#
# Vulnerable versions :
# 	Media Player in Windows XP preSP1
# 	Media Player 6.4
#	Media Player 7.1
#
# Supercedes MS01-056
#
# @DEPRECATED@

include("compat.inc");

if (description)
{
 script_id(11302);
 script_version("1.38");
 script_cvs_date("Date: 2018/08/13 14:32:39");

 script_cve_id("CVE-2002-0372", "CVE-2002-0373", "CVE-2002-0615");
 script_bugtraq_id(5107, 5109, 5110);
 script_xref(name:"MSFT", value:"MS02-032");
 script_xref(name:"MSKB", value:"320920");

 script_name(english:"MS02-032: Cumulative patch for Windows Media Player (320920)");
 script_summary(english:"Checks the version of Media Player");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the media
player.");
 script_set_attribute(attribute:"description", value:
"The remote version of Windows Media Player is affected by various flaws :

  - A remote attacker may be able to execute arbitrary code
    when sending a badly formed file.

  - A local attacker may gain SYSTEM privileges.");
 script_set_attribute(attribute:"see_also", value:"https://technet.microsoft.com/library/security/ms02-032");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows XP.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");

 script_set_attribute(attribute:"vuln_publication_date", value:"2002/04/08");
 script_set_attribute(attribute:"patch_publication_date", value:"2002/06/26");
 script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/01");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:windows_media_player");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl");
 script_require_keys("SMB/Registry/Enumerated");
 script_require_ports(139, 445);
 exit(0);
}

# FP -> superseded by many other patches.
exit(0);

References