Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00482Percentile:
0.64199
CVSS Scoring
CVSS v3.1 Score: 7.8
Severity: HIGH
Mapped CWE(s)
CWE-276
: Incorrect Default Permissions
All CAPEC(s)
CAPEC-1 : Accessing Functionality Not Properly Constrained by ACLs
CAPEC-127 : Directory Indexing
CAPEC-81 : Web Server Logs Tampering
CAPEC(s) with Mapped TTPs
CAPEC-1 : Accessing Functionality Not Properly Constrained by ACLs
Mapped TTPs:
T1574.010
: Services File Permissions Weakness
CAPEC-127 : Directory Indexing
Mapped TTPs:
T1083
: File and Directory Discovery
Mapped ATT&CK TTPs
T1574.010
: Services File Permissions Weakness
Kill Chain: persistence
T1083
: File and Directory Discovery
Kill Chain: discovery
Malware
APTs Threat Group Associations
Campaigns
Operation Wocao SolarWinds Compromise Operation CuckooBees Operation Honeybee Operation Dream Job C0015 Night Dragon KV Botnet Activity
Affected Products
cpe:2.3:a:microsoft:windows_media_player:6.3:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me