CVE-2007-3037 – Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-3037
Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins." Microsoft Windows Media Player versiones 7.1, 9, 10 y 11 permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo skin (WMZ o WMD) con información de encabezado creada que causa una falta de coincidencia de tamaño entre los datos comprimidos y descomprimidos y desencadena un desbordamiento de búfer en la región heap de la memoria, también se conoce como "Windows Media Player Code Execution Vulnerability Parsing Skins." This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed skin files (WMZ). A size compressed / decompressed size mismatch can result in an under allocated heap buffer which can be leveraged by an attacker to eventually execute arbitrary code under the context of the current user. • http://secunia.com/advisories/26433 http://securitytracker.com/id?1018565 http://www.osvdb.org/36385 http://www.securityfocus.com/archive/1/476533/100/0/threaded http://www.securityfocus.com/bid/25307 http://www.us-cert.gov/cas/techalerts/TA07-226A.html http://www.vupen.com/english/advisories/2007/2871 http://www.zerodayinitiative.com/advisories/ZDI-07-046.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-047 https://oval.cisecurity.org/rep • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-3035 – Microsoft Windows Media Player Malformed Skin Header Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-3035
Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins." Una Vulnerabilidad no especificada en Microsoft Windows Media Player versiones 7.1, 9, 10 y 11 permite a atacantes remotos ejecutar código arbitrario por medio de un archivo skin (WMZ o WMD) con información de encabezado creada que no es manejada apropiadamente durante la descompresión, también se conoce como "Windows Media Player Code Execution Vulnerability Decompressing Skins." This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists while decompressing skin files (.WMZ and .WMD) with malformed headers. During this process the malformed values are used to improperly calculate data which can later allow an attacker to execute code under the rights of the current user. • http://secunia.com/advisories/26433 http://securitytracker.com/id?1018565 http://www.securityfocus.com/archive/1/476548/100/0/threaded http://www.securityfocus.com/bid/25305 http://www.us-cert.gov/cas/techalerts/TA07-226A.html http://www.vupen.com/english/advisories/2007/2871 http://www.zerodayinitiative.com/advisories/ZDI-07-047.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-047 https://exchange.xforce.ibmcloud.com/vulnerabilities/35895 https:/& •