Vulnerabilities In Windows Media Player Could Allow Remote Code Execution (936782) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS07-047.

Impact

Successful exploitation will allow the attacker to execute arbitrary code in the context of the user running the application. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx

Insight

The flaws are due to an errors in the parsing of header information in skin files.

Affected

Microsoft Windows Media Player 7.1 Microsoft Windows Media Player 9 Microsoft Windows Media Player 10

References

http://osvdb.org/36385
http://secunia.com/advisories/26433
http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx
http://xforce.iss.net/xforce/xfdb/35895

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-3035, CVE-2007-3037

CVSS	Base Score: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
Microsoft .NET Framework Privilege Elevation Vulnerability (3005210)
Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
Cumulative Security Update for Internet Explorer (937143)
Microsoft Forefront Protection For Exchange RCE Vulnerability (2927022)

Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)

Take action and discover your vulnerabilities