CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2010-0718 – Microsoft Windows Media Player 11.0.5721.5145 - '.mpg' Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0718
Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file. Desbordamiento de búfer en Microsoft Windows Media Player 9 y v11.0.5721.5145, permite a atacantes remotos provocar una denegación de servicio (división entre 0 y caída de aplicación) a través de un fichero .mpg manipulado. • https://www.exploit-db.com/exploits/11531 http://www.exploit-db.com/exploits/11531 https://exchange.xforce.ibmcloud.com/vulnerabilities/56435 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 18%CPEs: 8EXPL: 0CVE-2009-4310 – Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-4310
Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file. Desbordamiento del búfer de la pila en el codec Intel Indeo41 codec para Windows Media Player en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 permite a atacantes remotos ejecutar código arbitrario a través de datos de vídeo comprimidos debidamente manipulados en un stream en un fichero multimedia que lleve a demasiadas iteraciones, como se demuestra con un fichero AVI. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Intel Indeo41 codec which is accessed by various applications through the Video Compression Manager. This codec is registered to handle IV41 streams within a container such as the AVI format. • http://secunia.com/advisories/37592 http://securitytracker.com/id?1023302 http://support.microsoft.com/kb/954157 http://support.microsoft.com/kb/955759 http://support.microsoft.com/kb/976138 http://www.microsoft.com/technet/security/advisory/954157.mspx http://www.osvdb.org/60856 http://www.securityfocus.com/archive/1/508335/100/0/threaded http://www.securityfocus.com/bid/37251 http://www.vupen.com/english/advisories/2009/3440 http://zerodayinitiative.com/advisories/ZDI-09& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 18%CPEs: 8EXPL: 0CVE-2009-4309 – Microsoft Windows Intel Indeo Codec Parsing Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-4309
Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file. Desbordamiento del búfer de la memoria dinámica en el codec Intel Indeo41 para Windows Media Player en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 permite a atacantes remotos ejecutar código arbitrario a través de un valor grande de tamaño en una grabación de película en un stream IV41 en un fichero multimedia, como se demuestra en un fichero AVI. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Intel Indeo41 codec which is accessed by various applications through the Video Compression Manager. This codec is registered to handle IV41 streams within a container such as the AVI format. • http://secunia.com/advisories/37592 http://securitytracker.com/id?1023302 http://support.microsoft.com/kb/954157 http://support.microsoft.com/kb/955759 http://support.microsoft.com/kb/976138 http://www.microsoft.com/technet/security/advisory/954157.mspx http://www.osvdb.org/60855 http://www.securityfocus.com/archive/1/508324/100/0/threaded http://www.securityfocus.com/bid/37251 http://www.vupen.com/english/advisories/2009/3440 http://zerodayinitiative.com/advisories/ZDI-09& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 80%CPEs: 7EXPL: 0CVE-2009-2527
https://notcve.org/view.php?id=CVE-2009-2527
Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica (heap) en Microsoft Windows Media Player v6.4, permite a atacantes remotos ejecutar código de su elección a través de un archivo ASF manipulado o (2) a través de un contenido para difusión (streaming) manipulado, también conocida como "Vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) WMP". • http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6184 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 78%CPEs: 20EXPL: 0CVE-2009-2525
https://notcve.org/view.php?id=CVE-2009-2525
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability." Microsoft Windows Media Runtime, usado en DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder y Audio Compression Manager (ACM), no inicializa adecuadamente funciones que no se han especificado, en los archivos de audio comprimidos, lo que permite a atacantes remotos ejecutar código de su elección a través (1) de un archivo multimedia manipulado o (2) mediante un contenido de difusión (streaming). También conocida como "Vulnerabilidad de Windows Media Runtime Heap Corruption". • http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6484 • CWE-94: Improper Control of Generation of Code ('Code Injection') •