CVE-2009-0555 – Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0555
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." Microsoft Windows Media Runtime, como se utiliza en DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, y Audio Compression Manager (ACM), no accede correctamente a los ficheros ASF, lo que permite a atacantes remotos ejecutar código arbitrario a través de un fichero de audio manipulado que utiliza el codec Windows Media Speech, también conocido como "Vulnerabilidad de Windows Media Runtime Voice Sample Rate". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw exists in the handling of Windows media audio files. When specifying a malicious sample rate for a Windows Media Voice frame, memory corruption can occur. • http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-2484 – VideoLAN VLC Media Player 0.9.9 - 'smb://' URI Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-2484
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file. Desbordamiento de búfer basado en pila en la función Win32AddConnection en modules/access/smb.c en VideoLAN VLC media player v0.9.9, cuando se ejecuta en Microsoft Windows, permite a los atacantes remotos causar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código arbitrario a través de una smb URI larga en un archivo de lista de reproducción. • https://www.exploit-db.com/exploits/9029 https://www.exploit-db.com/exploits/16678 http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=e60a9038b13b5eb805a76755efc5c6d5e080180f http://secunia.com/advisories/35558 http://www.exploit-db.com/exploits/9029 http://www.securityfocus.com/bid/35500 http://www.vupen.com/english/advisories/2009/1714 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14800 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-1331 – Microsoft Windows Media Player - '.mid' Integer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-1331
Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid. Desbordamiento de entero en Microsoft Windows Media Player (WMP) 11.0.5721.5260, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante un fichero .mid manipulado, como es demostrado por crash.mid. • https://www.exploit-db.com/exploits/8445 http://osvdb.org/53804 http://www.securityfocus.com/bid/34534 • CWE-189: Numeric Errors •
CVE-2008-5745 – Microsoft Windows Media Player - '.wav' Remote Crash (PoC)
https://notcve.org/view.php?id=CVE-2008-5745
Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927. Desbordamiento de entero en Microsoft Windows Media Player 9, 10 y 11, permite a atacantes remotos ejecutar código de su elección a través de ficheros (1) WAV, (2) SND, o (3) MID manipulados. NOTA: no está claro si esta vulnerabilidad está relacionada con el CVE-2008-4927 o CVE-2008-2253. • https://www.exploit-db.com/exploits/7585 https://www.exploit-db.com/exploits/32684 http://securityreason.com/securityalert/4823 http://www.securityfocus.com/archive/1/499579/100/0/threaded http://www.securityfocus.com/bid/33018 http://www.securitytracker.com/id?1021495 https://exchange.xforce.ibmcloud.com/vulnerabilities/47664 • CWE-189: Numeric Errors •
CVE-2008-3009
https://notcve.org/view.php?id=CVE-2008-3009
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." Microsoft Windows Media Player v6.4, Windows Media Format Runtime v7.1 a v11, y Windows Media Services v4.1, v9, y 2008 no usan apropiadamente el identificador Service Principal Name (SPN) al validar respuestas a peticiones de autenticación, lo que permite a servidores remotos ejecutar código de su elección mediante vectores que emplean reflexión de credenciales NTLM, alias "Vulnerabilidad SPN". • http://secunia.com/advisories/33058 http://www.securityfocus.com/bid/32653 http://www.securitytracker.com/id?1021372 http://www.securitytracker.com/id?1021373 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3388 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5942 • CWE-255: Credentials Management Errors •