Remote Memory-Corruption Vulnerability in Microsoft Windows Media Player

vendor:

Windows Media Player

by:

Unknown

N/A

CVSS

HIGH

Memory Corruption

119

CWE

Product Name: Windows Media Player

Affected Version From: Windows Media Player 11

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE: a:microsoft:windows_media_player:11

Metasploit:

Other Scripts:

Platforms Tested: Windows

2010

Remote Memory-Corruption Vulnerability in Microsoft Windows Media Player

The vulnerability exists when handling specially crafted AVI files. An attacker can exploit this issue by enticing a user to open a malicious file with the vulnerable application. Successful exploitation may allow arbitrary code execution in the context of the logged-in user.

Mitigation:

No known mitigation or remediation is available for this vulnerability.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38790/info

Microsoft Windows Media Player is prone to a remote memory-corruption vulnerability when handling specially crafted AVI files.

An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file with the vulnerable application. A successful exploit may allow arbitrary code to run in the context of the currently logged-in user.

Windows Media Player 11 is vulnerable; other versions may also be affected.

UPDATE (Mar 19, 2010): The vendor has not been able to replicate this issue. Pending further investigation, this BID will be updated and possibly retired.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/33770.avi.gz