This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2001-09-20
Product Windows Media Player Last view 2010-08-27
Version * Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:windows_media_player

Activity : Overall

Related : CVE

  Date Alert Description
9.3 2010-08-27 CVE-2010-3138

Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information.

9.3 2009-12-12 CVE-2009-4309

Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.

7.5 2002-06-25 CVE-2002-0340

Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via Trojan horse files containing .wmf content.

7.5 2001-09-20 CVE-2001-0541

Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
67588 Microsoft Windows Indeo Filter Path Subversion Arbitrary DLL Injection Code E...
60855 Microsoft Windows Intel Indeo41 Codec IV41 movi Record Handling Overflow
14399 Microsoft Windows Media Player .wmf Detection Auto-Run Weakness
1915 Microsoft Windows Media Player .NSC File Overflow

OpenVAS Exploits

id Description
2012-02-15 Name : MS Windows Indeo Codec Remote Code Execution Vulnerability (2661637)
File : nvt/secpod_ms12-014.nasl
2009-12-17 Name : Microsoft Windows Indeo Codec Multiple Vulnerabilities
File : nvt/gb_ms_indeo_codec_mult_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2012-B-0019 Microsoft Indeo Codec Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0031353
2009-B-0069 Multiple Vulnerabilities in Indeo Codec affecting Microsoft Windows
Severity: Category II - VMSKEY: V0022163

Snort® IPS/IDS

Date Description
2014-01-10 Multiple Vendors request for iacenc.dll over SMB attempt
RuleID : 18532 - Type : OS-WINDOWS - Revision : 10
2014-01-10 Multiple Vendors iacenc.dll dll-load exploit attempt
RuleID : 18531 - Type : SERVER-OTHER - Revision : 10

Nessus® Vulnerability Scanner

id Description
2012-02-14 Name: Arbitrary code can be executed on the remote Windows host through the Indeo c...
File: smb_nt_ms12-014.nasl - Type: ACT_GATHER_INFO
2009-12-09 Name: The remote host is missing a security update that mitigates multiple vulnerab...
File: smb_kb_955759.nasl - Type: ACT_GATHER_INFO