CVE-2002-0372

Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".

Published: Jul 3, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0372
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_media_player	7.1	7.1.x
microsoft / windows_media_player	6.4	6.4.x

http://www.iss.net/security_center/static/9420.php
http://www.securityfocus.com/bid/5107
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A281

Vulnerability Database

289,697

CVE-2002-0372