CVSS: 9.3EPSS: 26%CPEs: 10EXPL: 0CVE-2015-1728
https://notcve.org/view.php?id=CVE-2015-1728
10 Jun 2015 — Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability." Microsoft Windows Media Player 10 hasta 12 permite a atacantes remotos ejecutar código a través de un DataObject manipulado en un sitio web, también conocido como 'vulnerabilidad de DataObject a través de RCE Windows Media Player.' • http://www.securitytracker.com/id/1032522 • CWE-17: DEPRECATED: Code •
CVSS: 9.3EPSS: 60%CPEs: 28EXPL: 1CVE-2010-2745 – Mozilla Firefox 3.5.10/3.6.6 - 'WMP' Memory Corruption Using Popups
https://notcve.org/view.php?id=CVE-2010-2745
13 Oct 2010 — Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability." Microsoft Windows Media Player (WMP) v9 hasta v12 no asigna adecuadamente ojetos durante la acción de recarga de buscador, lo que permite a atacantes asistidos por usuarios remotos ejecutar código de su el... • https://www.exploit-db.com/exploits/15242 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 28%CPEs: 2EXPL: 2CVE-2010-0718 – Microsoft Windows Media Player 11.0.5721.5145 - '.mpg' Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0718
26 Feb 2010 — Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file. Desbordamiento de búfer en Microsoft Windows Media Player 9 y v11.0.5721.5145, permite a atacantes remotos provocar una denegación de servicio (división entre 0 y caída de aplicación) a través de un fichero .mpg manipulado. • https://www.exploit-db.com/exploits/11531 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 46%CPEs: 3EXPL: 3CVE-2008-5745 – Microsoft Windows Media Player - '.wav' Remote Crash (PoC)
https://notcve.org/view.php?id=CVE-2008-5745
29 Dec 2008 — Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927. Desbordamiento de entero en Microsoft Windows Media Player 9, 10 y 11, permite a atacantes remotos ejecu... • https://www.exploit-db.com/exploits/7585 • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 25%CPEs: 3EXPL: 1CVE-2008-4927
https://notcve.org/view.php?id=CVE-2008-4927
04 Nov 2008 — Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Microsoft Windows Media Player (WMP) v9.0 hasta v11 permite a atacantes asistidos por el usuario local provocar una denegación de servicio (caída de la aplicación) a través de ficheros (1) ... • http://www.securityfocus.com/bid/32077 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 52%CPEs: 4EXPL: 0CVE-2007-3035 – Microsoft Windows Media Player Malformed Skin Header Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-3035
14 Aug 2007 — Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins." Una Vulnerabilidad no especificada en Microsoft Windows Media Player versiones 7.1, 9, 10 y 11 permite a atacantes remotos ejecutar código arbitrario por medio de un archivo skin (WMZ o WMD) con... • http://secunia.com/advisories/26433 •
CVSS: 7.8EPSS: 59%CPEs: 4EXPL: 0CVE-2007-3037 – Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-3037
14 Aug 2007 — Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins." Microsoft Windows Media Player versiones 7.1, 9, 10 y 11 permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo skin (WMZ o WMD) con informa... • http://secunia.com/advisories/26433 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 43%CPEs: 2EXPL: 2CVE-2006-6601 – Microsoft Windows Media Player 6.4/10.0 - MID Malformed Header Chunk Denial of Service
https://notcve.org/view.php?id=CVE-2006-6601
15 Dec 2006 — Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0. Windows Media Player 10.00.00.4036 en Microsoft Windows XP SP2 permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio mediante un archivo .MID (MIDI) con un trozo de cabecera ... • https://www.exploit-db.com/exploits/29285 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 68%CPEs: 1EXPL: 1CVE-2006-6134
https://notcve.org/view.php?id=CVE-2006-6134
28 Nov 2006 — Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file. Desbordamiento de búfer basado en montículo en la función WMCheckURLScheme de WMVCORE.DLL en Microsoft Windows Media Player (WMP) ... • http://blogs.technet.com/msrc/archive/2006/12/07/public-proof-of-concept-code-for-asx-file-format-isssue.aspx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •