9 results (0.013 seconds)

CVSS: 9.3EPSS: 14%CPEs: 10EXPL: 0

Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability." Microsoft Windows Media Player 10 hasta 12 permite a atacantes remotos ejecutar código a través de un DataObject manipulado en un sitio web, también conocido como 'vulnerabilidad de DataObject a través de RCE Windows Media Player.' • http://www.securitytracker.com/id/1032522 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-057 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1200 • CWE-17: DEPRECATED: Code •

CVSS: 9.3EPSS: 94%CPEs: 28EXPL: 1

Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability." Microsoft Windows Media Player (WMP) v9 hasta v12 no asigna adecuadamente ojetos durante la acción de recarga de buscador, lo que permite a atacantes asistidos por usuarios remotos ejecutar código de su elección a través de contenido desferenciado media manipulado en un documento HTML, también conocido como "Vulnerabilidad de corrupción de memoria Windows Media Player". • https://www.exploit-db.com/exploits/15242 http://www.securitytracker.com/id?1024550 http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-082 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6653 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2

Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file. Desbordamiento de búfer en Microsoft Windows Media Player 9 y v11.0.5721.5145, permite a atacantes remotos provocar una denegación de servicio (división entre 0 y caída de aplicación) a través de un fichero .mpg manipulado. • https://www.exploit-db.com/exploits/11531 http://www.exploit-db.com/exploits/11531 https://exchange.xforce.ibmcloud.com/vulnerabilities/56435 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 18%CPEs: 3EXPL: 3

Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927. Desbordamiento de entero en Microsoft Windows Media Player 9, 10 y 11, permite a atacantes remotos ejecutar código de su elección a través de ficheros (1) WAV, (2) SND, o (3) MID manipulados. NOTA: no está claro si esta vulnerabilidad está relacionada con el CVE-2008-4927 o CVE-2008-2253. • https://www.exploit-db.com/exploits/7585 https://www.exploit-db.com/exploits/32684 http://securityreason.com/securityalert/4823 http://www.securityfocus.com/archive/1/499579/100/0/threaded http://www.securityfocus.com/bid/33018 http://www.securitytracker.com/id?1021495 https://exchange.xforce.ibmcloud.com/vulnerabilities/47664 • CWE-189: Numeric Errors •

CVSS: 4.3EPSS: 94%CPEs: 3EXPL: 1

Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Microsoft Windows Media Player (WMP) v9.0 hasta v11 permite a atacantes asistidos por el usuario local provocar una denegación de servicio (caída de la aplicación) a través de ficheros (1) MIDO o (2) DAT mal formados. Está relacionado con "La validación de cabeceras MThd". NOTA: El origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://www.securityfocus.com/bid/32077 http://www.securityfocus.com/data/vulnerabilities/exploits/32077.py • CWE-20: Improper Input Validation •