6 results (0.008 seconds)

CVSS: 7.6EPSS: 79%CPEs: 4EXPL: 0

Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins." Una Vulnerabilidad no especificada en Microsoft Windows Media Player versiones 7.1, 9, 10 y 11 permite a atacantes remotos ejecutar código arbitrario por medio de un archivo skin (WMZ o WMD) con información de encabezado creada que no es manejada apropiadamente durante la descompresión, también se conoce como "Windows Media Player Code Execution Vulnerability Decompressing Skins." This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists while decompressing skin files (.WMZ and .WMD) with malformed headers. During this process the malformed values are used to improperly calculate data which can later allow an attacker to execute code under the rights of the current user. • http://secunia.com/advisories/26433 http://securitytracker.com/id?1018565 http://www.securityfocus.com/archive/1/476548/100/0/threaded http://www.securityfocus.com/bid/25305 http://www.us-cert.gov/cas/techalerts/TA07-226A.html http://www.vupen.com/english/advisories/2007/2871 http://www.zerodayinitiative.com/advisories/ZDI-07-047.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-047 https://exchange.xforce.ibmcloud.com/vulnerabilities/35895 https:/& •

CVSS: 4.0EPSS: 64%CPEs: 4EXPL: 0

Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins." Microsoft Windows Media Player versiones 7.1, 9, 10 y 11 permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo skin (WMZ o WMD) con información de encabezado creada que causa una falta de coincidencia de tamaño entre los datos comprimidos y descomprimidos y desencadena un desbordamiento de búfer en la región heap de la memoria, también se conoce como "Windows Media Player Code Execution Vulnerability Parsing Skins." This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed skin files (WMZ). A size compressed / decompressed size mismatch can result in an under allocated heap buffer which can be leveraged by an attacker to eventually execute arbitrary code under the context of the current user. • http://secunia.com/advisories/26433 http://securitytracker.com/id?1018565 http://www.osvdb.org/36385 http://www.securityfocus.com/archive/1/476533/100/0/threaded http://www.securityfocus.com/bid/25307 http://www.us-cert.gov/cas/techalerts/TA07-226A.html http://www.vupen.com/english/advisories/2007/2871 http://www.zerodayinitiative.com/advisories/ZDI-07-046.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-047 https://oval.cisecurity.org/rep • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 95%CPEs: 11EXPL: 3

Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data. • https://www.exploit-db.com/exploits/1500 https://www.exploit-db.com/exploits/1502 http://secunia.com/advisories/18835 http://securityreason.com/securityalert/423 http://securitytracker.com/id?1015627 http://www.eeye.com/html/research/advisories/AD20060214.html http://www.kb.cert.org/vuls/id/291396 http://www.securityfocus.com/archive/1/424983/100/0/threaded http://www.securityfocus.com/archive/1/425158/100/0/threaded http://www.securityfocus.com/bid/16633 http://w • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 0

The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions. • http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B828026 http://www.kb.cert.org/vuls/id/222044 https://exchange.xforce.ibmcloud.com/vulnerabilities/13375 •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL. Windows Media Player (WMP) 7 y 8, corriendo en Internet Explorer y posiblemente otros productos de Microsoft que procesan HTML, permite a atacantes remotos saltarse restricciones de zona y acceder o ejecutar ficheros arbitrarios mediante una etiqueta IFRAME apuntando a un fichero ADF cuyo "Content-location" contiene una URL de tipo "File://". • http://marc.info/?l=bugtraq&m=105899261818572&w=2 http://marc.info/?l=bugtraq&m=105906867322856&w=2 http://marc.info/?l=ntbugtraq&m=105899408520292&w=2 http://marc.info/?l=ntbugtraq&m=105906261314411&w=2 http://www.malware.com/once.again%21.html http://www.pivx.com/larholm/unpatched •