Executive Summary

Informations
Name CVE-2011-0042 First vendor Publication 2011-03-09
Vendor Cve Last vendor Modification 2023-12-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0042

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12281
 
Oval ID: oval:org.mitre.oval:def:12281
Title: DVR-MS Vulnerability
Description: SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0042
Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 3
Os 2
Os 2

SAINT Exploits

Description Link
Microsoft Windows Media Player DVR-MS File Code Execution More info here

OpenVAS Exploits

Date Description
2011-03-09 Name : Microsoft Windows Media Remote Code Execution Vulnerabilities (2510030)
File : nvt/secpod_ms11-015.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
71016 Microsoft Windows Media Player / Center .dvr-ms File Handling Arbitrary Code ...

Microsoft Windows Media Player and Center contain a flaw related to the Stream Buffer Engine (SBE.dll) not properly parsing Microsoft Digital Video Recording (.dvr-ms) media files that may allow an attacker to execute arbitrary code. No further details have been provided.

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-03-10 IAVM : 2011-A-0031 - Multiple Vulnerabilities in Microsoft Windows Media
Severity : Category II - VMSKEY : V0026088

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Media Player dvr-ms file parsing remote code execution attempt
RuleID : 18498 - Revision : 16 - Type : FILE-OTHER
2014-01-10 Microsoft Windows Media Player and shell extension request for ehtrace.dll ov...
RuleID : 18497 - Revision : 17 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows Media Player and shell extension ehtrace.dll dll-load explo...
RuleID : 18496 - Revision : 15 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2011-03-08 Name : The version of Windows Media installed on the remote host has multiple code e...
File : smb_nt_ms11-015.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/46680
CERT http://www.us-cert.gov/cas/techalerts/TA11-067A.html
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11...
OSVDB http://osvdb.org/71016
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK http://www.securitytracker.com/id?1025169
SECUNIA http://secunia.com/advisories/43626
VUPEN http://www.vupen.com/english/advisories/2011/0615

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
Date Informations
2024-02-02 01:15:02
  • Multiple Updates
2024-02-01 12:04:12
  • Multiple Updates
2023-12-07 21:28:03
  • Multiple Updates
2023-09-05 12:14:03
  • Multiple Updates
2023-09-05 01:04:04
  • Multiple Updates
2023-09-02 12:14:06
  • Multiple Updates
2023-09-02 01:04:07
  • Multiple Updates
2023-08-12 12:16:57
  • Multiple Updates
2023-08-12 01:04:08
  • Multiple Updates
2023-08-11 12:14:11
  • Multiple Updates
2023-08-11 01:04:16
  • Multiple Updates
2023-08-06 12:13:38
  • Multiple Updates
2023-08-06 01:04:09
  • Multiple Updates
2023-08-04 12:13:43
  • Multiple Updates
2023-08-04 01:04:10
  • Multiple Updates
2023-07-14 12:13:40
  • Multiple Updates
2023-07-14 01:04:08
  • Multiple Updates
2023-03-29 01:15:37
  • Multiple Updates
2023-03-28 12:04:13
  • Multiple Updates
2022-10-11 12:12:12
  • Multiple Updates
2022-10-11 01:03:54
  • Multiple Updates
2021-05-04 12:13:44
  • Multiple Updates
2021-04-22 01:14:53
  • Multiple Updates
2020-05-23 00:27:30
  • Multiple Updates
2019-05-09 12:03:36
  • Multiple Updates
2018-10-31 00:20:09
  • Multiple Updates
2018-10-13 00:23:02
  • Multiple Updates
2017-09-19 09:24:07
  • Multiple Updates
2016-09-30 01:02:45
  • Multiple Updates
2016-08-05 12:02:50
  • Multiple Updates
2016-06-28 18:28:54
  • Multiple Updates
2016-04-26 20:27:04
  • Multiple Updates
2014-02-17 10:59:18
  • Multiple Updates
2014-01-19 21:27:21
  • Multiple Updates
2013-11-11 12:39:09
  • Multiple Updates
2013-05-10 22:51:55
  • Multiple Updates