Page 2 of 25 results (0.004 seconds)

CVSS: 7.6EPSS: 79%CPEs: 4EXPL: 0

Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins." Una Vulnerabilidad no especificada en Microsoft Windows Media Player versiones 7.1, 9, 10 y 11 permite a atacantes remotos ejecutar código arbitrario por medio de un archivo skin (WMZ o WMD) con información de encabezado creada que no es manejada apropiadamente durante la descompresión, también se conoce como "Windows Media Player Code Execution Vulnerability Decompressing Skins." This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists while decompressing skin files (.WMZ and .WMD) with malformed headers. During this process the malformed values are used to improperly calculate data which can later allow an attacker to execute code under the rights of the current user. • http://secunia.com/advisories/26433 http://securitytracker.com/id?1018565 http://www.securityfocus.com/archive/1/476548/100/0/threaded http://www.securityfocus.com/bid/25305 http://www.us-cert.gov/cas/techalerts/TA07-226A.html http://www.vupen.com/english/advisories/2007/2871 http://www.zerodayinitiative.com/advisories/ZDI-07-047.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-047 https://exchange.xforce.ibmcloud.com/vulnerabilities/35895 https:/& •

CVSS: 6.8EPSS: 62%CPEs: 4EXPL: 0

Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. Desbordamiento de Búfer en el Windows Media Format Runtime del Microsoft Windows Media Player (WMP) 6.4 y Windows XP SP2, Server 2003, y Server 2003 SP1 permite a atacantes remotos ejecutar código de su elección a través de la modificación del fichero Advanced Systems Format (ASF). • http://securitytracker.com/id?1017372 http://support.avaya.com/elmodocs2/security/ASA-2006-274.htm http://www.securityfocus.com/archive/1/454969/100/200/threaded http://www.securityfocus.com/bid/21505 http://www.us-cert.gov/cas/techalerts/TA06-346A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-078 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A536 •

CVSS: 9.3EPSS: 95%CPEs: 11EXPL: 3

Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data. • https://www.exploit-db.com/exploits/1500 https://www.exploit-db.com/exploits/1502 http://secunia.com/advisories/18835 http://securityreason.com/securityalert/423 http://securitytracker.com/id?1015627 http://www.eeye.com/html/research/advisories/AD20060214.html http://www.kb.cert.org/vuls/id/291396 http://www.securityfocus.com/archive/1/424983/100/0/threaded http://www.securityfocus.com/archive/1/425158/100/0/threaded http://www.securityfocus.com/bid/16633 http://w • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 0

The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions. • http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B828026 http://www.kb.cert.org/vuls/id/222044 https://exchange.xforce.ibmcloud.com/vulnerabilities/13375 •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL. Windows Media Player (WMP) 7 y 8, corriendo en Internet Explorer y posiblemente otros productos de Microsoft que procesan HTML, permite a atacantes remotos saltarse restricciones de zona y acceder o ejecutar ficheros arbitrarios mediante una etiqueta IFRAME apuntando a un fichero ADF cuyo "Content-location" contiene una URL de tipo "File://". • http://marc.info/?l=bugtraq&m=105899261818572&w=2 http://marc.info/?l=bugtraq&m=105906867322856&w=2 http://marc.info/?l=ntbugtraq&m=105899408520292&w=2 http://marc.info/?l=ntbugtraq&m=105906261314411&w=2 http://www.malware.com/once.again%21.html http://www.pivx.com/larholm/unpatched •