6 results (0.010 seconds)

CVSS: 10.0EPSS: 12%CPEs: 53EXPL: 0

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." Microsoft Windows Media Player v6.4, Windows Media Format Runtime v7.1 a v11, y Windows Media Services v4.1, v9, y 2008 no usan apropiadamente el identificador Service Principal Name (SPN) al validar respuestas a peticiones de autenticación, lo que permite a servidores remotos ejecutar código de su elección mediante vectores que emplean reflexión de credenciales NTLM, alias "Vulnerabilidad SPN". • http://secunia.com/advisories/33058 http://www.securityfocus.com/bid/32653 http://www.securitytracker.com/id?1021372 http://www.securitytracker.com/id?1021373 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3388 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5942 • CWE-255: Credentials Management Errors •

CVSS: 5.0EPSS: 83%CPEs: 1EXPL: 0

Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets. Vulnerabilidad desconocida en los componentes Windows Media Station Service y Windows Media Monitor Service de Windows Media Services 4.1 permite a atacantes remotos causar una denegación de servicio (impidiendo nuevas conexiones) mediante ciertas secuencias de paquetes TCP/IP. • http://www.kb.cert.org/vuls/id/982630 http://www.securityfocus.com/bid/9825 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-008 https://exchange.xforce.ibmcloud.com/vulnerabilities/15038 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A842 •

CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 0

Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ281256 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-097 https://exchange.xforce.ibmcloud.com/vulnerabilities/5785 •

CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0

Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability. • http://www.securityfocus.com/bid/1655 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-064 https://exchange.xforce.ibmcloud.com/vulnerabilities/5193 •

CVSS: 5.0EPSS: 24%CPEs: 2EXPL: 1

Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability. • https://www.exploit-db.com/exploits/19974 http://www.securityfocus.com/bid/1282 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/4585 •