CVSS: 7.8EPSS: 16%CPEs: 17EXPL: 0CVE-2014-4060 – Microsoft Windows Media Center CSyncBasePlayer Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4060
12 Aug 2014 — Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka "CSyncBasePlayer Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en MCPlayer.dll en Microsoft Windows Media Center TV Pack para Windows Vista, Windows 7 SP1, y Windows Media Center ... • http://secunia.com/advisories/60671 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 30%CPEs: 7EXPL: 0CVE-2011-2009
https://notcve.org/view.php?id=CVE-2011-2009
12 Oct 2011 — Untrusted search path vulnerability in Windows Media Center in Microsoft Windows Vista SP2 and Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista, allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Media Center Insecure Library Loading Vulnerability." Una vulnerabilidad de ruta de búsqueda no confiable en Windows Media Center de Microsoft Windows Vista SP2 y Windows 7 Gold y SP1, y Windows Media Center TV Pack para Windows Vista, permi... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-076 •
CVSS: 9.3EPSS: 57%CPEs: 11EXPL: 0CVE-2011-0042
https://notcve.org/view.php?id=CVE-2011-0042
09 Mar 2011 — SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability." SBE.dll de Stream Buffer Engine de Windows Media Player y Windows Media Cente... • http://osvdb.org/71016 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 43%CPEs: 9EXPL: 0CVE-2011-0032
https://notcve.org/view.php?id=CVE-2011-0032
09 Mar 2011 — Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability." Vulnerabilidad de ruta de búsqu... • http://osvdb.org/71015 •