New Search

Windows Media Player Code Execution Vulnerability Parsing Skins

oval:org.mitre.oval:def:2207

Microsoft Windows Media Player 7.1 9 10 and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow aka "Windows Media Player Code Execution Vulnerability Parsing Skins."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 2000
  • Microsoft Windows Vista
  • Microsoft Windows XP
  • Microsoft Windows Server 2003
Class:
vulnerability
Reference(s):
  • CVE-2007-3037
Product(s):
  • Windows Media Player