CVSS: 5.5EPSS: 28%CPEs: 2EXPL: 2CVE-2010-0718 – Microsoft Windows Media Player 11.0.5721.5145 - '.mpg' Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0718
26 Feb 2010 — Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file. Desbordamiento de búfer en Microsoft Windows Media Player 9 y v11.0.5721.5145, permite a atacantes remotos provocar una denegación de servicio (división entre 0 y caída de aplicación) a través de un fichero .mpg manipulado. • https://www.exploit-db.com/exploits/11531 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 27%CPEs: 8EXPL: 0CVE-2009-4309 – Microsoft Windows Intel Indeo Codec Parsing Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-4309
08 Dec 2009 — Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file. Desbordamiento del búfer de la memoria dinámica en el codec Intel Indeo41 para Windows Media Player en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 permite a atacantes remotos ejecutar código ar... • http://secunia.com/advisories/37592 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 27%CPEs: 8EXPL: 0CVE-2009-4310 – Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-4310
08 Dec 2009 — Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file. Desbordamiento del búfer de la pila en el codec Intel Indeo41 codec para Windows Media Player en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 permite a atacan... • http://secunia.com/advisories/37592 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 58%CPEs: 20EXPL: 0CVE-2009-2525
https://notcve.org/view.php?id=CVE-2009-2525
14 Oct 2009 — Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability." Microsoft Windows Media Runtime, usado en DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder y Au... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 62%CPEs: 7EXPL: 0CVE-2009-2527
https://notcve.org/view.php?id=CVE-2009-2527
14 Oct 2009 — Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica (heap) en Microsoft Windows Media Player v6.4, permite a atacantes remotos ejecutar código de su elección a través de un archivo ASF manipulado o (2) a través de un contenido para difusión (streaming) manipulado, también conocida como "Vulnerabil... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 60%CPEs: 23EXPL: 0CVE-2009-0555 – Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0555
13 Oct 2009 — Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." Microsoft Windows Media Runtime, como se utiliza en DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, y Audi... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 71%CPEs: 2EXPL: 4CVE-2009-2484 – VideoLAN VLC Media Player 0.9.9 - 'smb://' URI Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-2484
16 Jul 2009 — Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file. Desbordamiento de búfer basado en pila en la función Win32AddConnection en modules/access/smb.c en VideoLAN VLC media player v0.9.9, cuando se ejecuta en Microsoft Windows, permite a los atacantes remotos c... • https://www.exploit-db.com/exploits/9029 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 26%CPEs: 1EXPL: 2CVE-2009-1331 – Microsoft Windows Media Player - '.mid' Integer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-1331
17 Apr 2009 — Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid. Desbordamiento de entero en Microsoft Windows Media Player (WMP) 11.0.5721.5260, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante un fichero .mid manipulado, como es demostrado por crash.mid. • https://www.exploit-db.com/exploits/8445 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 46%CPEs: 3EXPL: 3CVE-2008-5745 – Microsoft Windows Media Player - '.wav' Remote Crash (PoC)
https://notcve.org/view.php?id=CVE-2008-5745
29 Dec 2008 — Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927. Desbordamiento de entero en Microsoft Windows Media Player 9, 10 y 11, permite a atacantes remotos ejecu... • https://www.exploit-db.com/exploits/7585 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 41%CPEs: 53EXPL: 0CVE-2008-3009
https://notcve.org/view.php?id=CVE-2008-3009
10 Dec 2008 — Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." Microsoft Windows Media Player v6.4, Windows Media Format Runtime v7.1 a v11, y Windows Media Services v4.1, v9, y 2008 no usan apropiadamen... • http://secunia.com/advisories/33058 • CWE-255: Credentials Management Errors •