CVE-2002-1847

Name of the Vulnerable Software and Affected Versions Microsoft Windows Media Player versions 6.3 through 7.1

Description A buffer overflow issue exists in the mplay32.exe component, potentially allowing remote attackers to execute arbitrary commands. This is achieved by providing a long mp3 filename as a command line argument. It's noted that the known attack vector requires command line access, which may limit the vulnerability's impact.

Recommendations For Microsoft Windows Media Player versions 6.3 through 7.1, consider restricting access to the command line argument that accepts mp3 filenames to minimize the risk of exploitation. As a temporary workaround, avoid using long mp3 filenames as command line arguments until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.