Vulnerabilities > Microsoft > Windows Media Player > 6.4

DATE CVE VULNERABILITY TITLE RISK
2009-10-14 CVE-2009-2527 Buffer Errors vulnerability in Microsoft Windows Media Player 6.4
Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability."
network
microsoft CWE-119
critical
9.3
2008-12-10 CVE-2008-3010 Information Exposure vulnerability in Microsoft Windows Media Player 6.4
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."
network
low complexity
microsoft CWE-200
critical
10.0
2008-12-10 CVE-2008-3009 Credentials Management vulnerability in Microsoft products
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
network
low complexity
microsoft CWE-255
critical
10.0
2007-12-17 CVE-2007-6401 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402.
network
3ivx microsoft CWE-119
critical
9.3
2006-12-13 CVE-2006-4702 Remote ASF File Buffer Overflow vulnerability in Microsoft products
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
network
microsoft
6.8
2003-12-31 CVE-2003-1107 Security Bypass vulnerability in Windows Media Player
The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions.
network
high complexity
microsoft
5.1
2002-12-31 CVE-2002-1847 Buffer Overflow vulnerability in Microsoft Windows Media Player Filename
Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument.
network
low complexity
microsoft
7.5
2002-07-03 CVE-2002-0372 Path Disclosure vulnerability in Windows Media Player IE Cache
Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".
network
low complexity
microsoft
7.5
2002-06-25 CVE-2002-0340 Unspecified vulnerability in Microsoft Windows Media Player
Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via Trojan horse files containing .wmf content.
network
low complexity
microsoft
7.5
2001-12-06 CVE-2001-0719 Buffer Overflow vulnerability in Microsoft Windows Media Player 6.4
Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.
network
low complexity
microsoft
7.5