Vulnerabilities > Microsoft > Windows Media Player

DATE CVE VULNERABILITY TITLE RISK
2017-11-15 CVE-2017-11768 Information Exposure vulnerability in Microsoft Windows Media Player
Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application.
1.9
2015-06-10 CVE-2015-1728 Code vulnerability in Microsoft Windows Media Player
Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability."
network
microsoft CWE-17
critical
9.3
2014-03-31 CVE-2014-2671 Buffer Errors vulnerability in Microsoft Windows Media Player 11.0.5721.5230
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.
network
microsoft CWE-119
6.8
2013-07-10 CVE-2013-3127 Code Injection vulnerability in Microsoft Windows Media Format Runtime and Windows Media Player
The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafted media file, aka "WMV Video Decoder Remote Code Execution Vulnerability."
network
microsoft CWE-94
critical
9.3
2010-10-13 CVE-2010-2745 Code Injection vulnerability in Microsoft Windows Media Player
Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."
network
microsoft CWE-94
critical
9.3
2010-08-27 CVE-2010-3138 Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information.
network
microsoft bsplayer
critical
9.3
2010-04-14 CVE-2010-0268 Unspecified vulnerability in Microsoft Windows 2000, Windows Media Player and Windows XP
Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
network
microsoft
critical
9.3
2010-03-23 CVE-2010-1042 Remote Memory Corruption vulnerability in Microsoft Windows Media Player AVI File Colorspace Conversion
Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file.
network
microsoft
4.3
2010-02-26 CVE-2010-0718 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows Media Player 11.0.5721.5145/9
Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file.
network
microsoft CWE-119
4.3
2009-12-13 CVE-2009-4309 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products
Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
network
microsoft CWE-119
critical
9.3