Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1847 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows Media Player

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

11.7%

top 6.29%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows Media Player

Timeline

PublishedDec 31

Latest updateApr 30

Description

Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_media_player4 versions+3

🔴Vulnerability Details

GHSA

GHSA-hph4-73fg-9q9f: Buffer overflow in mplay32↗2022-04-30

▶

CVEList

CVE-2002-1847: Buffer overflow in mplay32↗2005-06-28

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows Media Player 6/7 - Filename Buffer Overflow↗2002-07-30

▶