CVSS: 10.0EPSS: 41%CPEs: 10EXPL: 0CVE-2008-3010
https://notcve.org/view.php?id=CVE-2008-3010
10 Dec 2008 — Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability." Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 hasta 11, y Windows Media Services 4.1 y 9 incorrectamente asociado... • http://secunia.com/advisories/33058 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 25%CPEs: 3EXPL: 1CVE-2008-4927
https://notcve.org/view.php?id=CVE-2008-4927
04 Nov 2008 — Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Microsoft Windows Media Player (WMP) v9.0 hasta v11 permite a atacantes asistidos por el usuario local provocar una denegación de servicio (caída de la aplicación) a través de ficheros (1) ... • http://www.securityfocus.com/bid/32077 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 42%CPEs: 7EXPL: 0CVE-2008-2253
https://notcve.org/view.php?id=CVE-2008-2253
10 Sep 2008 — Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Sampling Rate Vulnerability." Vulnerabilidad sin especificar en Microsoft Windows Media Player 11, permite a atacantes remotos ejecutar código de su elección a través de un archivo "audio-only" manipulado cuyo origen del flujo es un Server-Side Playlist (SSPL) sobre... • http://marc.info/?l=bugtraq&m=122235754013992&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 8%CPEs: 2EXPL: 0CVE-2008-2430
https://notcve.org/view.php?id=CVE-2008-2430
07 Jul 2008 — Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. Desbordamiento de entero en la Función Open en modules/demux/wav.c en VLC Media Player 0.8.6h ejecutado sobre Windows, permite a atacantes remotos ejecutar código de su elección a través de un fragmento fmt de gran tamaño en un archivo WAV. • http://secunia.com/advisories/30601 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 9%CPEs: 2EXPL: 2CVE-2008-0296 – Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0296
16 Jan 2008 — Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. Desbordamiento de búfer basado en montículo en el plugin libaccess_realrtsp de VideoLAN VLC Media Player 0.8.6d y versiones anteriores en Windows, podría permitir a servidores RTSP remotos provocar una denegación de servicio (caída de aplicación) ó ejecutar código de... • https://www.exploit-db.com/exploits/5498 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 56%CPEs: 3EXPL: 2CVE-2007-6401 – Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow
https://notcve.org/view.php?id=CVE-2007-6401
17 Dec 2007 — Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402. Desbordamiento de búfer basado en pila en mplayer2.exe en Microsoft Windows Media Player (WMP) 6.4, cuando es usado con el codec 3ivx 4.5.1 o 5.0.1, permite a atacantes remotos ejecutar código de su elección mediante cierto fichero .mp4, posiblemente un asunt... • https://www.exploit-db.com/exploits/4702 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 36%CPEs: 1EXPL: 2CVE-2007-6236 – Microsoft Windows Media Player - '.AIFF' Divide By Zero Exception Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2007-6236
04 Dec 2007 — Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that triggers a divide-by-zero error, as demonstrated by kr.aiff. Microsoft Windows Media Player (WMP) permite a atacantes remotos provocar denegación de servicio (caida de aplicación) a través de un cierto archivo AIFF que dispara un error de división por cero, como se demostró con kr.aiff. • https://www.exploit-db.com/exploits/4682 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 27%CPEs: 2EXPL: 0CVE-2007-5095
https://notcve.org/view.php?id=CVE-2007-5095
26 Sep 2007 — Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expect to run, as demonstrated by the HTMLView parameter in an .asx file. Microsoft Windows Media Player (WMP) 9 sobre Windows XP SP2 llama a Internet Explorer en documentos HTML presentados dentro de algunos archivos ... • http://osvdb.org/41093 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 52%CPEs: 4EXPL: 0CVE-2007-3035 – Microsoft Windows Media Player Malformed Skin Header Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-3035
14 Aug 2007 — Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins." Una Vulnerabilidad no especificada en Microsoft Windows Media Player versiones 7.1, 9, 10 y 11 permite a atacantes remotos ejecutar código arbitrario por medio de un archivo skin (WMZ o WMD) con... • http://secunia.com/advisories/26433 •
CVSS: 7.8EPSS: 59%CPEs: 4EXPL: 0CVE-2007-3037 – Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-3037
14 Aug 2007 — Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins." Microsoft Windows Media Player versiones 7.1, 9, 10 y 11 permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo skin (WMZ o WMD) con informa... • http://secunia.com/advisories/26433 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •