CVSS: 9.3EPSS: 91%CPEs: 10EXPL: 0CVE-2010-1879
https://notcve.org/view.php?id=CVE-2010-1879
Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability." Vulnerabilidad no especificada en Quartz.dll para DirectShow, Windows Media Format Runtime v9, v9.5 y v11; Media Encoder v9, y el componente COM Asycfilt.dll permite a atacantes remotos ejecutar código a su elección a través de un archivo multimedia con datos de compresión manipulados, también conocido como "Vulnerabilidad de descompresión Multimedia". • http://www.us-cert.gov/cas/techalerts/TA10-159B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 94%CPEs: 1EXPL: 1CVE-2007-4336 – Microsoft DXMedia SDK 6 - 'SourceUrl' ActiveX Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-4336
Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value. Desbordamiento de búfer en el control ActiveX Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) de DXTLIPI.DLL 6.0.2.827, como el empaquetado en Microsoft DirectX Media 6.0 SDK, permite a atacantes remotos ejecutar código de su elección mediante valor de la propiedad SourceUrl largo. • https://www.exploit-db.com/exploits/4279 http://osvdb.org/36399 http://secunia.com/advisories/26426 http://www.kb.cert.org/vuls/id/466601 http://www.securityfocus.com/bid/25279 http://www.securitytracker.com/id?1018551 http://www.vupen.com/english/advisories/2007/2857 https://exchange.xforce.ibmcloud.com/vulnerabilities/35970 •