Vulnerabilities In Windows Media Player Could Allow Remote Code Execution (936782) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS07-047.

Impact

Successful exploitation will allow the attacker to execute arbitrary code in the context of the user running the application. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx

Insight

The flaws are due to an errors in the parsing of header information in skin files.

Affected

Microsoft Windows Media Player 7.1 Microsoft Windows Media Player 9 Microsoft Windows Media Player 10

References

http://osvdb.org/36385
http://secunia.com/advisories/26433
http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx
http://xforce.iss.net/xforce/xfdb/35895

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-3035, CVE-2007-3037

CVSS	Base Score: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
Microsoft Active Directory Denial of Service Vulnerability (953235)
Cumulative Security Update for Internet Explorer (953838)
Flaw in Microsoft VM Could Allow Code Execution (810030)
Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)

Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)

Take action and discover your vulnerabilities