CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46814
https://notcve.org/view.php?id=CVE-2023-46814
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. Existe una vulnerabilidad de secuestro binario en el reproductor multimedia VideoLAN VLC anterior a 3.0.19 en Windows. El desinstalador intenta ejecutar código con privilegios elevados desde una ubicación de escritura estándar por parte del usuario. • https://www.videolan.org/security/sb-vlc3019.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-18278
https://notcve.org/view.php?id=CVE-2019-18278
When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue. Al ejecutar el reproductor de medios VideoLAN VLC 3.0.8 con libqt en Windows, los datos de una dirección con errores controlan el flujo de código a partir de libqt_plugin! Vlc_entry_license__3_0_0f + 0x00000000003b9aba. • https://code610.blogspot.com/2019/10/random-bytes-in-vlc-308.html •
CVSS: 2.5EPSS: 0%CPEs: 15EXPL: 0CVE-2017-11768 – Windows Media Player Information Disclosure
https://notcve.org/view.php?id=CVE-2017-11768
Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. due to the way Windows Media Player discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." Windows Media Player en Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703 y 1709, Windows Server 2016 y Windows Server en su versión 1709 permite que atacantes remotos realicen pruebas en busca de archivos en el disco mediante una aplicación especialmente manipulada. Esto se debe a la manera en la que Windows Media Player revela información de los archivos. Esta vulnerabilidad también se conoce como "Windows Media Player Information Disclosure Vulnerability". Windows Media Player suffers from an information disclosure vulnerability that lets an attacker know if a file exists. • http://www.securityfocus.com/bid/101705 http://www.securitytracker.com/id/1039794 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11768 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 14%CPEs: 10EXPL: 0CVE-2015-1728
https://notcve.org/view.php?id=CVE-2015-1728
Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability." Microsoft Windows Media Player 10 hasta 12 permite a atacantes remotos ejecutar código a través de un DataObject manipulado en un sitio web, también conocido como 'vulnerabilidad de DataObject a través de RCE Windows Media Player.' • http://www.securitytracker.com/id/1032522 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-057 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1200 • CWE-17: DEPRECATED: Code •
CVSS: 6.8EPSS: 31%CPEs: 1EXPL: 10CVE-2014-2671 – GOM Video Converter 1.1.0.60 - '.wav' Memory Corruption (PoC)
https://notcve.org/view.php?id=CVE-2014-2671
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file. Microsoft Windows Media Player (WMP) 11.0.5721.5230 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un archivo WAV manipulado. • https://www.exploit-db.com/exploits/32483 https://www.exploit-db.com/exploits/32482 https://www.exploit-db.com/exploits/32478 https://www.exploit-db.com/exploits/32481 https://www.exploit-db.com/exploits/26517 https://www.exploit-db.com/exploits/26951 https://www.exploit-db.com/exploits/32477 http://packetstormsecurity.com/files/125834 http://www.exploit-db.com/exploits/32477 http://www.securityfocus.com/bid/66403 https://exchange.xforce.ibmcloud.com/vulnerabilities/92080 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •