CVE-2007-6401 – Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow
https://notcve.org/view.php?id=CVE-2007-6401
Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402. Desbordamiento de búfer basado en pila en mplayer2.exe en Microsoft Windows Media Player (WMP) 6.4, cuando es usado con el codec 3ivx 4.5.1 o 5.0.1, permite a atacantes remotos ejecutar código de su elección mediante cierto fichero .mp4, posiblemente un asunto relacionado con CVE-2007-6402. • https://www.exploit-db.com/exploits/4702 http://securityreason.com/securityalert/3453 http://www.securityfocus.com/archive/1/484779/100/0/threaded http://www.securityfocus.com/bid/26773 http://www.securitytracker.com/id?1019064 http://www.vupen.com/english/advisories/2007/4141 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-6236 – Microsoft Windows Media Player - '.AIFF' Divide By Zero Exception Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2007-6236
Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that triggers a divide-by-zero error, as demonstrated by kr.aiff. Microsoft Windows Media Player (WMP) permite a atacantes remotos provocar denegación de servicio (caida de aplicación) a través de un cierto archivo AIFF que dispara un error de división por cero, como se demostró con kr.aiff. • https://www.exploit-db.com/exploits/4682 http://osvdb.org/43715 http://www.securityfocus.com/bid/26648 https://exchange.xforce.ibmcloud.com/vulnerabilities/38797 • CWE-189: Numeric Errors •
CVE-2007-5095
https://notcve.org/view.php?id=CVE-2007-5095
Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expect to run, as demonstrated by the HTMLView parameter in an .asx file. Microsoft Windows Media Player (WMP) 9 sobre Windows XP SP2 llama a Internet Explorer en documentos HTML presentados dentro de algunos archivos media, sin importar cuál es el navegador web por defecto, lo cual podría permitir a atacantes remotos explotar vulnerabilidades en software que el usuario no esperaba ejecutar, como se demostro por el parámetro HTMLView en un archivo .asx. • http://osvdb.org/41093 http://www.gnucitizen.org/blog/backdooring-windows-media-files http://www.securityfocus.com/archive/1/479825/100/100/threaded http://www.securityfocus.com/archive/1/479854/100/100/threaded http://www.securityfocus.com/archive/1/479855/100/100/threaded http://www.securityfocus.com/archive/1/479856/100/100/threaded • CWE-20: Improper Input Validation •
CVE-2007-3037 – Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-3037
Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins." Microsoft Windows Media Player versiones 7.1, 9, 10 y 11 permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo skin (WMZ o WMD) con información de encabezado creada que causa una falta de coincidencia de tamaño entre los datos comprimidos y descomprimidos y desencadena un desbordamiento de búfer en la región heap de la memoria, también se conoce como "Windows Media Player Code Execution Vulnerability Parsing Skins." This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed skin files (WMZ). A size compressed / decompressed size mismatch can result in an under allocated heap buffer which can be leveraged by an attacker to eventually execute arbitrary code under the context of the current user. • http://secunia.com/advisories/26433 http://securitytracker.com/id?1018565 http://www.osvdb.org/36385 http://www.securityfocus.com/archive/1/476533/100/0/threaded http://www.securityfocus.com/bid/25307 http://www.us-cert.gov/cas/techalerts/TA07-226A.html http://www.vupen.com/english/advisories/2007/2871 http://www.zerodayinitiative.com/advisories/ZDI-07-046.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-047 https://oval.cisecurity.org/rep • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-3035 – Microsoft Windows Media Player Malformed Skin Header Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-3035
Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins." Una Vulnerabilidad no especificada en Microsoft Windows Media Player versiones 7.1, 9, 10 y 11 permite a atacantes remotos ejecutar código arbitrario por medio de un archivo skin (WMZ o WMD) con información de encabezado creada que no es manejada apropiadamente durante la descompresión, también se conoce como "Windows Media Player Code Execution Vulnerability Decompressing Skins." This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists while decompressing skin files (.WMZ and .WMD) with malformed headers. During this process the malformed values are used to improperly calculate data which can later allow an attacker to execute code under the rights of the current user. • http://secunia.com/advisories/26433 http://securitytracker.com/id?1018565 http://www.securityfocus.com/archive/1/476548/100/0/threaded http://www.securityfocus.com/bid/25305 http://www.us-cert.gov/cas/techalerts/TA07-226A.html http://www.vupen.com/english/advisories/2007/2871 http://www.zerodayinitiative.com/advisories/ZDI-07-047.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-047 https://exchange.xforce.ibmcloud.com/vulnerabilities/35895 https:/& •