CVSS: 5.5EPSS: 50%CPEs: 1EXPL: 2CVE-2007-4288 – Microsoft Windows Media Player 11 - AU Divide-by-Zero Denial of Service
https://notcve.org/view.php?id=CVE-2007-4288
09 Aug 2007 — Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au. Microsoft Windows Media Player 11 (wmplayer.exe) permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio (caída de aplicación) mediante un fichero .au manipulado que dispara un error de división por cero, como se demuestra con iapetus.au. • https://www.exploit-db.com/exploits/30462 •
CVSS: 5.5EPSS: 43%CPEs: 2EXPL: 2CVE-2006-6601 – Microsoft Windows Media Player 6.4/10.0 - MID Malformed Header Chunk Denial of Service
https://notcve.org/view.php?id=CVE-2006-6601
15 Dec 2006 — Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0. Windows Media Player 10.00.00.4036 en Microsoft Windows XP SP2 permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio mediante un archivo .MID (MIDI) con un trozo de cabecera ... • https://www.exploit-db.com/exploits/29285 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 55%CPEs: 4EXPL: 0CVE-2006-4702
https://notcve.org/view.php?id=CVE-2006-4702
13 Dec 2006 — Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. Desbordamiento de Búfer en el Windows Media Format Runtime del Microsoft Windows Media Player (WMP) 6.4 y Windows XP SP2, Server 2003, y Server 2003 SP1 permite a atacantes remotos ejecutar código de su elección a través de la modificación del fichero Advanced Sy... • http://securitytracker.com/id?1017372 •
CVSS: 8.8EPSS: 68%CPEs: 1EXPL: 1CVE-2006-6134
https://notcve.org/view.php?id=CVE-2006-6134
28 Nov 2006 — Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file. Desbordamiento de búfer basado en montículo en la función WMCheckURLScheme de WMVCORE.DLL en Microsoft Windows Media Player (WMP) ... • http://blogs.technet.com/msrc/archive/2006/12/07/public-proof-of-concept-code-for-asx-file-format-isssue.aspx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 69%CPEs: 2EXPL: 0CVE-2006-0025
https://notcve.org/view.php?id=CVE-2006-0025
13 Jun 2006 — Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size. • http://secunia.com/advisories/20626 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 73%CPEs: 11EXPL: 3CVE-2006-0006 – Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005)
https://notcve.org/view.php?id=CVE-2006-0006
14 Feb 2006 — Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data. • https://www.exploit-db.com/exploits/1500 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 55%CPEs: 1EXPL: 0CVE-2005-2128
https://notcve.org/view.php?id=CVE-2005-2128
11 Oct 2005 — QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value. • http://secunia.com/advisories/17160 •
CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 0CVE-2005-1574
https://notcve.org/view.php?id=CVE-2005-1574
14 May 2005 — Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the "Acquire licenses automatically for protected content" setting is not enabled. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3B892313 •
CVSS: 8.8EPSS: 16%CPEs: 1EXPL: 2CVE-2004-1324 – Microsoft Windows Media Player 9.0 - ActiveX Control Media File Attribute Corruption
https://notcve.org/view.php?id=CVE-2004-1324
18 Dec 2004 — The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer. • https://www.exploit-db.com/exploits/25031 •
CVSS: 5.0EPSS: 44%CPEs: 1EXPL: 2CVE-2004-1325 – Microsoft Windows Media Player 9.0 - ActiveX Control File Enumeration
https://notcve.org/view.php?id=CVE-2004-1325
18 Dec 2004 — The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system. • https://www.exploit-db.com/exploits/25032 •