CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46814
https://notcve.org/view.php?id=CVE-2023-46814
22 Nov 2023 — A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. Existe una vulnerabilidad de secuestro binario en el reproductor multimedia VideoLAN VLC anterior a 3.0.19 en Windows. El desinstalador intenta ejecutar código con privilegios elevados desde una ubicación de escritura estándar po... • https://www.videolan.org/security/sb-vlc3019.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-18278
https://notcve.org/view.php?id=CVE-2019-18278
23 Oct 2019 — When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue. Al ejecutar el reproductor de medios VideoLAN VLC 3.0.8 con libqt en Windows, los datos de una dirección con errores controlan el flujo de código a partir de libqt_plugin! Vlc_entry_license__3_0_0f + 0x... • https://code610.blogspot.com/2019/10/random-bytes-in-vlc-308.html •
CVSS: 2.5EPSS: 1%CPEs: 15EXPL: 1CVE-2017-11768 – Windows Media Player Information Disclosure
https://notcve.org/view.php?id=CVE-2017-11768
15 Nov 2017 — Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. due to the way Windows Media Player discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." Windows Media Player en Windows 7 SP1, Windows Server ... • https://packetstorm.news/files/id/145549 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 26%CPEs: 10EXPL: 0CVE-2015-1728
https://notcve.org/view.php?id=CVE-2015-1728
10 Jun 2015 — Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability." Microsoft Windows Media Player 10 hasta 12 permite a atacantes remotos ejecutar código a través de un DataObject manipulado en un sitio web, también conocido como 'vulnerabilidad de DataObject a través de RCE Windows Media Player.' • http://www.securitytracker.com/id/1032522 • CWE-17: DEPRECATED: Code •
CVSS: 7.8EPSS: 30%CPEs: 1EXPL: 10CVE-2014-2671 – GOM Video Converter 1.1.0.60 - '.wav' Memory Corruption (PoC)
https://notcve.org/view.php?id=CVE-2014-2671
30 Mar 2014 — Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file. Microsoft Windows Media Player (WMP) 11.0.5721.5230 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un archivo WAV manipulado. • https://www.exploit-db.com/exploits/32483 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 40%CPEs: 5EXPL: 0CVE-2013-3127 – Microsoft Windows Media Player WMV Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3127
10 Jul 2013 — The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafted media file, aka "WMV Video Decoder Remote Code Execution Vulnerability." El códec de vídeo Microsoft WMV en wmv9vcm.dll, wmvdmod.dll en Windows Media Format Runtime v9 y v9.5, y wmvdecod.dll en Windows Media Format Runtime 11 y Windows Media Player v11 y v12 p... • http://www.us-cert.gov/ncas/alerts/TA13-190A • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 60%CPEs: 28EXPL: 1CVE-2010-2745 – Mozilla Firefox 3.5.10/3.6.6 - 'WMP' Memory Corruption Using Popups
https://notcve.org/view.php?id=CVE-2010-2745
13 Oct 2010 — Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability." Microsoft Windows Media Player (WMP) v9 hasta v12 no asigna adecuadamente ojetos durante la acción de recarga de buscador, lo que permite a atacantes asistidos por usuarios remotos ejecutar código de su el... • https://www.exploit-db.com/exploits/15242 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 47%CPEs: 3EXPL: 4CVE-2010-3138 – Media Player Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3138
27 Aug 2010 — Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information. Una vulnerabilidad de ruta (path) de búsqueda no... • https://www.exploit-db.com/exploits/14765 •
CVSS: 10.0EPSS: 61%CPEs: 6EXPL: 0CVE-2010-0268 – Microsoft Windows Media Player Codec Retrieval Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0268
13 Apr 2010 — Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability." Vulnerabilidad no especificada en el control ActiveX de Windows Media Player (WMP) 9 en Microsoft Windows 2000 SP4 y XP SP2 y SP3 permite a atacantes remotos ejecutar código de su elección a través de contenido media manipulada,... • http://www.us-cert.gov/cas/techalerts/TA10-103A.html •
CVSS: 7.8EPSS: 48%CPEs: 3EXPL: 2CVE-2010-1042 – Microsoft Windows Media Player 11 - '.AVI' File Colorspace Conversion Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2010-1042
22 Mar 2010 — Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Microsoft Windows Media Player 11 no convierte correctamente el colorspace, lo que permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posi... • https://www.exploit-db.com/exploits/33770 •