CVSS: 9.3EPSS: 75%CPEs: 23EXPL: 0CVE-2009-0555 – Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0555
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." Microsoft Windows Media Runtime, como se utiliza en DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, y Audio Compression Manager (ACM), no accede correctamente a los ficheros ASF, lo que permite a atacantes remotos ejecutar código arbitrario a través de un fichero de audio manipulado que utiliza el codec Windows Media Speech, también conocido como "Vulnerabilidad de Windows Media Runtime Voice Sample Rate". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw exists in the handling of Windows media audio files. When specifying a malicious sample rate for a Windows Media Voice frame, memory corruption can occur. • http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 96%CPEs: 2EXPL: 4CVE-2009-2484 – VideoLAN VLC Media Player 0.9.9 - 'smb://' URI Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-2484
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file. Desbordamiento de búfer basado en pila en la función Win32AddConnection en modules/access/smb.c en VideoLAN VLC media player v0.9.9, cuando se ejecuta en Microsoft Windows, permite a los atacantes remotos causar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código arbitrario a través de una smb URI larga en un archivo de lista de reproducción. • https://www.exploit-db.com/exploits/9029 https://www.exploit-db.com/exploits/16678 http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=e60a9038b13b5eb805a76755efc5c6d5e080180f http://secunia.com/advisories/35558 http://www.exploit-db.com/exploits/9029 http://www.securityfocus.com/bid/35500 http://www.vupen.com/english/advisories/2009/1714 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14800 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 1EXPL: 2CVE-2009-1331 – Microsoft Windows Media Player - '.mid' Integer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-1331
Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid. Desbordamiento de entero en Microsoft Windows Media Player (WMP) 11.0.5721.5260, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante un fichero .mid manipulado, como es demostrado por crash.mid. • https://www.exploit-db.com/exploits/8445 http://osvdb.org/53804 http://www.securityfocus.com/bid/34534 • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 18%CPEs: 3EXPL: 3CVE-2008-5745 – Microsoft Windows Media Player - '.wav' Remote Crash (PoC)
https://notcve.org/view.php?id=CVE-2008-5745
Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927. Desbordamiento de entero en Microsoft Windows Media Player 9, 10 y 11, permite a atacantes remotos ejecutar código de su elección a través de ficheros (1) WAV, (2) SND, o (3) MID manipulados. NOTA: no está claro si esta vulnerabilidad está relacionada con el CVE-2008-4927 o CVE-2008-2253. • https://www.exploit-db.com/exploits/7585 https://www.exploit-db.com/exploits/32684 http://securityreason.com/securityalert/4823 http://www.securityfocus.com/archive/1/499579/100/0/threaded http://www.securityfocus.com/bid/33018 http://www.securitytracker.com/id?1021495 https://exchange.xforce.ibmcloud.com/vulnerabilities/47664 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 19%CPEs: 10EXPL: 0CVE-2008-3010
https://notcve.org/view.php?id=CVE-2008-3010
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability." Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 hasta 11, y Windows Media Services 4.1 y 9 incorrectamente asociados a direcciones ISATAP con la zona Intranet local, el cual permite a los servidores remotos capturar credenciales NTLM, y ejecutar arbitrariamente código a través de un ataque "credential-reflection", enviado una petición de autenticación, alias "Vulnerabilidad ISATAP ". • http://secunia.com/advisories/33058 http://www.securityfocus.com/bid/32654 http://www.securitytracker.com/id?1021374 http://www.securitytracker.com/id?1021375 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3388 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5689 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •