// For flags

CVE-2007-3037

Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability

Severity Score

4.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins."

Microsoft Windows Media Player versiones 7.1, 9, 10 y 11 permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo skin (WMZ o WMD) con información de encabezado creada que causa una falta de coincidencia de tamaño entre los datos comprimidos y descomprimidos y desencadena un desbordamiento de búfer en la región heap de la memoria, también se conoce como "Windows Media Player Code Execution Vulnerability Parsing Skins."

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists during the parsing of malformed skin files (WMZ). A size compressed / decompressed size mismatch can result in an under allocated heap buffer which can be leveraged by an attacker to eventually execute arbitrary code under the context of the current user.

*Credits: Piotr Bania
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-06-05 CVE Reserved
  • 2007-08-14 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
Windows Media Player
Search vendor "Microsoft" for product "Windows Media Player"
7.1
Search vendor "Microsoft" for product "Windows Media Player" and version "7.1"
-
Affected
Microsoft
Search vendor "Microsoft"
Windows Media Player
Search vendor "Microsoft" for product "Windows Media Player"
9
Search vendor "Microsoft" for product "Windows Media Player" and version "9"
-
Affected
Microsoft
Search vendor "Microsoft"
Windows Media Player
Search vendor "Microsoft" for product "Windows Media Player"
10
Search vendor "Microsoft" for product "Windows Media Player" and version "10"
-
Affected
Microsoft
Search vendor "Microsoft"
Windows Media Player
Search vendor "Microsoft" for product "Windows Media Player"
11
Search vendor "Microsoft" for product "Windows Media Player" and version "11"
-
Affected