Computer Security

Microsoft Windows Media Player multiple security vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Microsoft Windows Media Player multiple security vulnerabilities
Published:15.08.2007
Source:BUGTRAQ
SecurityVulns ID:8044
Type:remote
Level:6/10
Description:Multiple vulnerabilities on skin files parsing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-3037 (Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins.")
 CVE-2007-3035 (Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins.")
Original documentdocumentZDI, [Full-disclosure] ZDI-07-046: Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability (15.08.2007)
 documentZDI, [Full-disclosure] ZDI-07-047: Microsoft Windows Media Player Malformed Skin Header Code Execution Vulnerability (15.08.2007)
 documentMICROSOFT, http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx (15.08.2007)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru