Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Windows Media Player multiple security vulnerabilities
Published:15.08.2007
Source:
SecurityVulns ID:8044
Type:remote
Threat Level:
6/10
Description:Multiple vulnerabilities on skin files parsing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-3037 (Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins.")
 CVE-2007-3035 (Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins.")
Original documentdocumentZDI, [Full-disclosure] ZDI-07-046: Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability (15.08.2007)
 documentZDI, [Full-disclosure] ZDI-07-047: Microsoft Windows Media Player Malformed Skin Header Code Execution Vulnerability (15.08.2007)
 documentMICROSOFT, http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx (15.08.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod