Vulnerabilities > Microsoft > Windows Media Player
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-06-27 | CVE-2001-0242 | Buffer Overflow vulnerability in Microsoft Windows Media Player 6.3/6.4/7 Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long version tag in an .ASX file, or (2) a long banner tag, a variant of the ".ASX Buffer Overrun" vulnerability as discussed in MS:MS00-090. | 7.5 |
| 2001-06-02 | CVE-2001-0148 | Unspecified vulnerability in Microsoft Windows Media Player 7 The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability. | 7.5 |
| 2001-03-12 | CVE-2001-0137 | Unspecified vulnerability in Microsoft Windows Media Player 7 Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability. | 5.1 |
| 2001-01-09 | CVE-2000-1113 | Unspecified vulnerability in Microsoft Windows Media Player 6.4/7 Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability. | 7.5 |
| 2001-01-09 | CVE-2000-1112 | Unspecified vulnerability in Microsoft Windows Media Player 6.4/7 Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability. | 4.6 |
| 2000-12-19 | CVE-2000-0929 | Unspecified vulnerability in Microsoft Windows Media Player 7 Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability. | 5.0 |