CVE-2007-3037
Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins."
Microsoft Windows Media Player versiones 7.1, 9, 10 y 11 permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo skin (WMZ o WMD) con información de encabezado creada que causa una falta de coincidencia de tamaño entre los datos comprimidos y descomprimidos y desencadena un desbordamiento de búfer en la región heap de la memoria, también se conoce como "Windows Media Player Code Execution Vulnerability Parsing Skins."
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists during the parsing of malformed skin files (WMZ). A size compressed / decompressed size mismatch can result in an under allocated heap buffer which can be leveraged by an attacker to eventually execute arbitrary code under the context of the current user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-06-05 CVE Reserved
- 2007-08-14 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1018565 | Vdb Entry | |
| http://www.osvdb.org/36385 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/476533/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/25307 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA07-226A.html | Third Party Advisory | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-046.html | X_refsource_misc |
|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2207 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/26433 | 2018-10-16 | |
| http://www.vupen.com/english/advisories/2007/2871 | 2018-10-16 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-047 | 2018-10-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows Media Player Search vendor "Microsoft" for product "Windows Media Player" | 7.1 Search vendor "Microsoft" for product "Windows Media Player" and version "7.1" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Media Player Search vendor "Microsoft" for product "Windows Media Player" | 9 Search vendor "Microsoft" for product "Windows Media Player" and version "9" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Media Player Search vendor "Microsoft" for product "Windows Media Player" | 10 Search vendor "Microsoft" for product "Windows Media Player" and version "10" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Media Player Search vendor "Microsoft" for product "Windows Media Player" | 11 Search vendor "Microsoft" for product "Windows Media Player" and version "11" | - |
Affected
| ||||||