CVE-2002-1844 — Incorrect Default Permissions in Microsoft Windows Media Player

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.5%

top 34.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Media Player

Timeline

PublishedDec 31

Latest updateApr 30

Description

Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDmicrosoft/windows_media_player6.3

🔴Vulnerability Details

GHSA

GHSA-qr34-449v-3mf6: Microsoft Windows Media Player (WMP) 6↗2022-04-30

▶

CVEList

CVE-2002-1844: Microsoft Windows Media Player (WMP) 6↗2005-06-28

▶