CVSS: 9.3EPSS: 40%CPEs: 5EXPL: 0CVE-2013-3127 – Microsoft Windows Media Player WMV Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3127
10 Jul 2013 — The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafted media file, aka "WMV Video Decoder Remote Code Execution Vulnerability." El códec de vídeo Microsoft WMV en wmv9vcm.dll, wmvdmod.dll en Windows Media Format Runtime v9 y v9.5, y wmvdecod.dll en Windows Media Format Runtime 11 y Windows Media Player v11 y v12 p... • http://www.us-cert.gov/ncas/alerts/TA13-190A • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 60%CPEs: 28EXPL: 1CVE-2010-2745 – Mozilla Firefox 3.5.10/3.6.6 - 'WMP' Memory Corruption Using Popups
https://notcve.org/view.php?id=CVE-2010-2745
13 Oct 2010 — Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability." Microsoft Windows Media Player (WMP) v9 hasta v12 no asigna adecuadamente ojetos durante la acción de recarga de buscador, lo que permite a atacantes asistidos por usuarios remotos ejecutar código de su el... • https://www.exploit-db.com/exploits/15242 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 61%CPEs: 6EXPL: 0CVE-2010-0268 – Microsoft Windows Media Player Codec Retrieval Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0268
13 Apr 2010 — Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability." Vulnerabilidad no especificada en el control ActiveX de Windows Media Player (WMP) 9 en Microsoft Windows 2000 SP4 y XP SP2 y SP3 permite a atacantes remotos ejecutar código de su elección a través de contenido media manipulada,... • http://www.us-cert.gov/cas/techalerts/TA10-103A.html •
CVSS: 5.5EPSS: 28%CPEs: 2EXPL: 2CVE-2010-0718 – Microsoft Windows Media Player 11.0.5721.5145 - '.mpg' Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0718
26 Feb 2010 — Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file. Desbordamiento de búfer en Microsoft Windows Media Player 9 y v11.0.5721.5145, permite a atacantes remotos provocar una denegación de servicio (división entre 0 y caída de aplicación) a través de un fichero .mpg manipulado. • https://www.exploit-db.com/exploits/11531 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 58%CPEs: 20EXPL: 0CVE-2009-2525
https://notcve.org/view.php?id=CVE-2009-2525
14 Oct 2009 — Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability." Microsoft Windows Media Runtime, usado en DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder y Au... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 60%CPEs: 23EXPL: 0CVE-2009-0555 – Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0555
13 Oct 2009 — Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." Microsoft Windows Media Runtime, como se utiliza en DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, y Audi... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 46%CPEs: 3EXPL: 3CVE-2008-5745 – Microsoft Windows Media Player - '.wav' Remote Crash (PoC)
https://notcve.org/view.php?id=CVE-2008-5745
29 Dec 2008 — Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927. Desbordamiento de entero en Microsoft Windows Media Player 9, 10 y 11, permite a atacantes remotos ejecu... • https://www.exploit-db.com/exploits/7585 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 41%CPEs: 53EXPL: 0CVE-2008-3009
https://notcve.org/view.php?id=CVE-2008-3009
10 Dec 2008 — Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." Microsoft Windows Media Player v6.4, Windows Media Format Runtime v7.1 a v11, y Windows Media Services v4.1, v9, y 2008 no usan apropiadamen... • http://secunia.com/advisories/33058 • CWE-255: Credentials Management Errors •
CVSS: 5.5EPSS: 25%CPEs: 3EXPL: 1CVE-2008-4927
https://notcve.org/view.php?id=CVE-2008-4927
04 Nov 2008 — Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Microsoft Windows Media Player (WMP) v9.0 hasta v11 permite a atacantes asistidos por el usuario local provocar una denegación de servicio (caída de la aplicación) a través de ficheros (1) ... • http://www.securityfocus.com/bid/32077 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 27%CPEs: 2EXPL: 0CVE-2007-5095
https://notcve.org/view.php?id=CVE-2007-5095
26 Sep 2007 — Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expect to run, as demonstrated by the HTMLView parameter in an .asx file. Microsoft Windows Media Player (WMP) 9 sobre Windows XP SP2 llama a Internet Explorer en documentos HTML presentados dentro de algunos archivos ... • http://osvdb.org/41093 • CWE-20: Improper Input Validation •