VYPR

Windows Media Player

by Microsoft

CVEs (75)

  • CVE-2012-0003HigJan 10, 2012
    risk 0.61cvss 8.1epss 0.69

    Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote…

  • CVE-2016-0101HigMar 9, 2016
    risk 0.59cvss 8.8epss 0.20

    Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution…

  • CVE-2011-0042HigMar 9, 2011
    risk 0.53cvss 7.8epss 0.33

    SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not…

  • CVE-2026-48574HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.

  • CVE-2002-1844HigDec 31, 2002
    risk 0.51cvss 7.8epss 0.01

    Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.

  • CVE-2017-0042LowMar 17, 2017
    risk 0.23cvss 3.1epss 0.30

    Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted…

  • CVE-2018-8482LowOct 10, 2018
    risk 0.21cvss 3.1epss 0.05

    An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server…

  • CVE-2018-8481LowOct 10, 2018
    risk 0.21cvss 3.1epss 0.05

    An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server…

  • CVE-2017-11768LowNov 15, 2017
    risk 0.17cvss 2.5epss 0.06

    Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of…

  • CVE-2004-0597Nov 23, 2004
    risk 0.10cvss epss 0.83

    Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or…

  • CVE-2014-2671Mar 31, 2014
    risk 0.07cvss epss 0.46

    Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.

  • CVE-2006-0006Feb 14, 2006
    risk 0.07cvss epss 0.54

    Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap…

  • CVE-2003-0228May 27, 2003
    risk 0.07cvss epss 0.46

    Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed…

  • CVE-2006-0005Feb 14, 2006
    risk 0.06cvss epss 0.44

    Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element…

  • CVE-2002-1847Dec 31, 2002
    risk 0.06cvss epss 0.34

    Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a…

  • CVE-2010-2745Oct 13, 2010
    risk 0.05cvss epss 0.24

    Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory…

  • CVE-2010-3138Aug 27, 2010
    risk 0.05cvss epss 0.27

    Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a…

  • CVE-2008-5745Dec 29, 2008
    risk 0.05cvss epss 0.21

    Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has…

  • CVE-2007-6401Dec 17, 2007
    risk 0.05cvss epss 0.30

    Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402.

  • CVE-2001-0148Jun 2, 2001
    risk 0.05cvss epss 0.27

    The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability.

Page 1 of 4