Vulnerabilities > CVE-2008-5745 - Numeric Errors vulnerability in Microsoft Windows Media Player 10/11/9
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927. This bug cannot be leveraged for code execution according to the vendor. Source 1 - http://blogs.technet.com/swi/archive/2008/12/29/windows-media-player-crash-not-exploitable-for-code-execution.aspx Source 2 - http://blogs.technet.com/msrc/archive/2008/12/29/questions-about-vulnerability-claim-in-windows-media-player.aspx
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Exploit-Db
description Microsoft Windows Media Player 9/10/11 WAV File Parsing Code Execution Vulnerability. CVE-2008-5745. Remote exploit for windows platform id EDB-ID:32684 last seen 2016-02-03 modified 2008-12-29 published 2008-12-29 reporter anonymous source https://www.exploit-db.com/download/32684/ title Microsoft Windows Media Player 9/10/11 WAV File Parsing Code Execution Vulnerability description MS Windows Media Player * (.WAV) Remote Crash PoC. CVE-2008-5745. Dos exploit for windows platform file exploits/windows/dos/7585.txt id EDB-ID:7585 last seen 2016-02-01 modified 2008-12-28 platform windows port published 2008-12-28 reporter laurent gaffié source https://www.exploit-db.com/download/7585/ title Microsoft Windows Media Player - .WAV Remote Crash PoC type dos