CVSS: 10.0EPSS: 41%CPEs: 53EXPL: 0CVE-2008-3009
https://notcve.org/view.php?id=CVE-2008-3009
10 Dec 2008 — Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." Microsoft Windows Media Player v6.4, Windows Media Format Runtime v7.1 a v11, y Windows Media Services v4.1, v9, y 2008 no usan apropiadamen... • http://secunia.com/advisories/33058 • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 52%CPEs: 4EXPL: 0CVE-2007-3035 – Microsoft Windows Media Player Malformed Skin Header Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-3035
14 Aug 2007 — Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins." Una Vulnerabilidad no especificada en Microsoft Windows Media Player versiones 7.1, 9, 10 y 11 permite a atacantes remotos ejecutar código arbitrario por medio de un archivo skin (WMZ o WMD) con... • http://secunia.com/advisories/26433 •
CVSS: 7.8EPSS: 59%CPEs: 4EXPL: 0CVE-2007-3037 – Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-3037
14 Aug 2007 — Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins." Microsoft Windows Media Player versiones 7.1, 9, 10 y 11 permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo skin (WMZ o WMD) con informa... • http://secunia.com/advisories/26433 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 73%CPEs: 11EXPL: 3CVE-2006-0006 – Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005)
https://notcve.org/view.php?id=CVE-2006-0006
14 Feb 2006 — Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data. • https://www.exploit-db.com/exploits/1500 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 11%CPEs: 4EXPL: 0CVE-2003-1107
https://notcve.org/view.php?id=CVE-2003-1107
31 Dec 2003 — The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions. • http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B828026 •
CVSS: 8.8EPSS: 8%CPEs: 2EXPL: 0CVE-2003-0604
https://notcve.org/view.php?id=CVE-2003-0604
29 Jul 2003 — Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL. Windows Media Player (WMP) 7 y 8, corriendo en Internet Explorer y posiblemente otros productos de Microsoft que procesan HTML, permite a atacantes remotos saltarse restricciones de zona y acceder o ejecutar ... • http://marc.info/?l=bugtraq&m=105899261818572&w=2 •
CVSS: 8.8EPSS: 72%CPEs: 2EXPL: 2CVE-2003-0228 – Microsoft Windows Media Player 7.1 - Skin File Code Execution
https://notcve.org/view.php?id=CVE-2003-0228
08 May 2003 — Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location. Vulnerabilidad de cruce de directorios en Microsoft Media Player 7.1 y Windows Media Player para Windows XP permite que atacantes remotos ejecuten código arbitrario mediante un fichero de "skins" con una URL... • https://www.exploit-db.com/exploits/22570 •
CVSS: 9.8EPSS: 6%CPEs: 5EXPL: 2CVE-2002-1847 – Microsoft Windows Media Player 6/7 - Filename Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1847
31 Dec 2002 — Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability. • https://www.exploit-db.com/exploits/21670 •
CVSS: 7.5EPSS: 7%CPEs: 3EXPL: 0CVE-2002-0372
https://notcve.org/view.php?id=CVE-2002-0372
03 Jul 2002 — Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player". Microsoft Windows Media Player versiones 6.4 y 7.1 y Media Player para Windows XP permite a atacantes remotos eludir los mecanismos de seguridad de Internet Explorer's (IE), y ejecu... • http://www.iss.net/security_center/static/9420.php •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2002-0373
https://notcve.org/view.php?id=CVE-2002-0373
03 Jul 2002 — The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service". • http://www.iss.net/security_center/static/9421.php •