CVSS: 9.3EPSS: 16%CPEs: 3EXPL: 2CVE-2007-6402 – Media Player Classic 6.4.9 - '.MP4' File Stack Overflow
https://notcve.org/view.php?id=CVE-2007-6402
Stack-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6401. Desbordamiento de búfer basado en pila en mplayerc.exe de Media Player Classic (MPC) 6.4.9, cuando se usa con el codec 3ivx 4.5.1 ó 5.0.1, permite a atacantes remotos ejecutar código de su elección mediante un fichero determinado .mp4, posiblemente un asunto relacionado a CVE-2007-6401. • https://www.exploit-db.com/exploits/4701 http://www.securityfocus.com/archive/1/484781/100/0/threaded http://www.securityfocus.com/archive/1/484832/100/100/threaded http://www.securityfocus.com/bid/26774 http://www.securitytracker.com/id?1019064 http://www.vupen.com/english/advisories/2007/4141 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 25%CPEs: 3EXPL: 3CVE-2007-4939 – Media Player Classic 6.4.9 - Malformed AVI Header Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-4939
Heap-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with an "indx truck size" of 0xffffffff, and certain wLongsPerEntry and nEntriesInuse values. Desbordamiento de búfer basado en pila en mplayerc.exe de Media Player Classic (MPC) 6.4.9.0 y versiones anteriores, tal y como se usa en modo solitario (standalone) y en mympc (también conocido como CD-Storm) 1.0.0.1, StormPlayer 1.0.4, y posiblemente otros productos, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección mediante un fichero .avi con un "tamaño de índice de pista" de 0xffffffff, y determinados valores wLongsPerEntry y nEntriesInuse. • https://www.exploit-db.com/exploits/30579 http://secunia.com/advisories/26806 http://secunia.com/advisories/26807 http://secunia.com/advisories/26808 http://securityreason.com/securityalert/3144 http://www.securityfocus.com/archive/1/479222/100/0/threaded http://www.securityfocus.com/bid/25650 http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt http://www.vupen.com/english/advisories/2007/3140 http://www.vupen.com/english/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 3EXPL: 1CVE-2007-4940
https://notcve.org/view.php?id=CVE-2007-4940
Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values. Múltiples desbordamientos de enteros en el Media Player Classic (MPC) 6.4.9.0 y versiones anteriores, como el utilizado en el modo solitario (standalone) y en el mympc (también conocido como CD-Storm) 1.0.0.1, en el StormPlayer 1.0.4 y, posiblemente, en otros productos, permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o, posiblemente, ejecutar código de su elección a través de un fichero .avi con ciertos valores largos en el "indx truck size" y en el nEntriesInuse. • http://securityreason.com/securityalert/3144 http://www.securityfocus.com/archive/1/479222/100/0/threaded http://www.securityfocus.com/bid/25650 http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/36584 • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 11%CPEs: 1EXPL: 2CVE-2006-7222 – Media Player Classic 6.4.9 - FLI File Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-7222
Buffer overflow in the CFLICStream::_deltachunk function in FLICSource.cpp in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to execute arbitrary code via a crafted FLI file. Desbordamiento de búfer en la función CFLICStream::_deltachunk en FLICSource.cpp en Media Player Classic (MPC) 6.4.9.0 permite a atacantes remotos con la intervención del usuario ejecutar código de su elección a través de un archivo FLI manipulado. • https://www.exploit-db.com/exploits/30529 http://secunia.com/advisories/26591 http://www.securityfocus.com/bid/25437 http://www.team509.com/modules.php?name=News&file=article&sid=38 https://exchange.xforce.ibmcloud.com/vulnerabilities/36242 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •