CVE-2002-0373 — Microsoft Windows Media Player vulnerability

3 documents3 sources

Severity

7.2HIGHNVD

EPSS

1.9%

top 16.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Media Player

Timeline

PublishedJul 3

Latest updateApr 30

Description

The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windows_media_player7.1

🔴Vulnerability Details

GHSA

GHSA-w298-98jv-f358: The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7↗2022-04-30

▶

CVEList

CVE-2002-0373: The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7↗2003-04-02

▶