CVE-2013-3127
Microsoft Windows Media Player WMV Parsing Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafted media file, aka "WMV Video Decoder Remote Code Execution Vulnerability."
El códec de vídeo Microsoft WMV en wmv9vcm.dll, wmvdmod.dll en Windows Media Format Runtime v9 y v9.5, y wmvdecod.dll en Windows Media Format Runtime 11 y Windows Media Player v11 y v12 permite a atacantes remotos a ejecutar código a través de ficheros multimedia manipulados, tambíen conocido como "WMV Video Decoder Remote Code Execution Vulnerability."
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of the ASF Header Object where the initial value of a for loop is not properly sanitized. An integer underflow can occur resulting in a buffer overflow. This can be leveraged to gain remote code execution under the context of the user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-04-17 CVE Reserved
- 2013-07-10 CVE Published
- 2024-08-03 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.us-cert.gov/ncas/alerts/TA13-190A | Third Party Advisory | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16998 | Signature |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-057 | 2018-10-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Windows Media Format Runtime Search vendor "Microsoft" for product "Windows Media Format Runtime" | 9 Search vendor "Microsoft" for product "Windows Media Format Runtime" and version "9" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Media Format Runtime Search vendor "Microsoft" for product "Windows Media Format Runtime" | 9.5 Search vendor "Microsoft" for product "Windows Media Format Runtime" and version "9.5" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Media Format Runtime Search vendor "Microsoft" for product "Windows Media Format Runtime" | 11 Search vendor "Microsoft" for product "Windows Media Format Runtime" and version "11" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Media Player Search vendor "Microsoft" for product "Windows Media Player" | 11 Search vendor "Microsoft" for product "Windows Media Player" and version "11" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Media Player Search vendor "Microsoft" for product "Windows Media Player" | 12 Search vendor "Microsoft" for product "Windows Media Player" and version "12" | - |
Affected
|