CVSS: 9.3EPSS: 62%CPEs: 7EXPL: 0CVE-2009-2527
https://notcve.org/view.php?id=CVE-2009-2527
14 Oct 2009 — Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica (heap) en Microsoft Windows Media Player v6.4, permite a atacantes remotos ejecutar código de su elección a través de un archivo ASF manipulado o (2) a través de un contenido para difusión (streaming) manipulado, también conocida como "Vulnerabil... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 41%CPEs: 53EXPL: 0CVE-2008-3009
https://notcve.org/view.php?id=CVE-2008-3009
10 Dec 2008 — Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." Microsoft Windows Media Player v6.4, Windows Media Format Runtime v7.1 a v11, y Windows Media Services v4.1, v9, y 2008 no usan apropiadamen... • http://secunia.com/advisories/33058 • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 41%CPEs: 10EXPL: 0CVE-2008-3010
https://notcve.org/view.php?id=CVE-2008-3010
10 Dec 2008 — Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability." Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 hasta 11, y Windows Media Services 4.1 y 9 incorrectamente asociado... • http://secunia.com/advisories/33058 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 56%CPEs: 3EXPL: 2CVE-2007-6401 – Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow
https://notcve.org/view.php?id=CVE-2007-6401
17 Dec 2007 — Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402. Desbordamiento de búfer basado en pila en mplayer2.exe en Microsoft Windows Media Player (WMP) 6.4, cuando es usado con el codec 3ivx 4.5.1 o 5.0.1, permite a atacantes remotos ejecutar código de su elección mediante cierto fichero .mp4, posiblemente un asunt... • https://www.exploit-db.com/exploits/4702 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 55%CPEs: 4EXPL: 0CVE-2006-4702
https://notcve.org/view.php?id=CVE-2006-4702
13 Dec 2006 — Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. Desbordamiento de Búfer en el Windows Media Format Runtime del Microsoft Windows Media Player (WMP) 6.4 y Windows XP SP2, Server 2003, y Server 2003 SP1 permite a atacantes remotos ejecutar código de su elección a través de la modificación del fichero Advanced Sy... • http://securitytracker.com/id?1017372 •
CVSS: 9.1EPSS: 11%CPEs: 4EXPL: 0CVE-2003-1107
https://notcve.org/view.php?id=CVE-2003-1107
31 Dec 2003 — The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions. • http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B828026 •
CVSS: 9.8EPSS: 6%CPEs: 5EXPL: 2CVE-2002-1847 – Microsoft Windows Media Player 6/7 - Filename Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1847
31 Dec 2002 — Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability. • https://www.exploit-db.com/exploits/21670 •
CVSS: 7.5EPSS: 7%CPEs: 3EXPL: 0CVE-2002-0372
https://notcve.org/view.php?id=CVE-2002-0372
03 Jul 2002 — Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player". Microsoft Windows Media Player versiones 6.4 y 7.1 y Media Player para Windows XP permite a atacantes remotos eludir los mecanismos de seguridad de Internet Explorer's (IE), y ejecu... • http://www.iss.net/security_center/static/9420.php •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 0CVE-2002-0340
https://notcve.org/view.php?id=CVE-2002-0340
03 May 2002 — Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via Trojan horse files containing .wmf content. • http://marc.info/?l=bugtraq&m=101447771102582&w=2 •
CVSS: 8.8EPSS: 17%CPEs: 1EXPL: 0CVE-2001-0719
https://notcve.org/view.php?id=CVE-2001-0719
06 Dec 2001 — Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file. • http://online.securityfocus.com/archive/1/202470 •