Windows Media Player
by Microsoft
CVEs (75)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-0719 | 0.01 | — | 0.17 | Dec 6, 2001 | Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file. | |||
| CVE-2001-0541 | 0.01 | — | 0.16 | Sep 20, 2001 | Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file. | |||
| CVE-2001-0243 | 0.01 | — | 0.18 | Jun 27, 2001 | Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows… | |||
| CVE-2023-29370 | 0.00 | — | 0.01 | Jun 13, 2023 | Windows Media Remote Code Execution Vulnerability | |||
| CVE-2023-23402 | 0.00 | — | 0.01 | Mar 14, 2023 | Windows Media Remote Code Execution Vulnerability | |||
| CVE-2023-23401 | 0.00 | — | 0.01 | Mar 14, 2023 | Windows Media Remote Code Execution Vulnerability | |||
| CVE-2023-21802 | 0.00 | — | 0.01 | Feb 14, 2023 | Windows Media Remote Code Execution Vulnerability | |||
| CVE-2022-44668 | 0.00 | — | 0.01 | Dec 13, 2022 | Windows Media Remote Code Execution Vulnerability | |||
| CVE-2021-33740 | 0.00 | — | 0.03 | Jul 14, 2021 | Windows Media Remote Code Execution Vulnerability | |||
| CVE-2008-4927 | 0.00 | — | 0.04 | Nov 4, 2008 | Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are… | |||
| CVE-2005-1574 | 0.00 | — | 0.05 | May 14, 2005 | Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the "Acquire licenses automatically for protected content" setting is not enabled. | |||
| CVE-2003-1107 | 0.00 | — | 0.05 | Dec 31, 2003 | The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions. | |||
| CVE-2002-0615 | 0.00 | — | 0.06 | Jul 3, 2002 | The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation". | |||
| CVE-2002-0373 | 0.00 | — | 0.02 | Jul 3, 2002 | The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through… | |||
| CVE-2002-0340 | 0.00 | — | 0.04 | Jun 25, 2002 | Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via… |
- CVE-2001-0719Dec 6, 2001risk 0.01cvss —epss 0.17
Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.
- CVE-2001-0541Sep 20, 2001risk 0.01cvss —epss 0.16
Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file.
- CVE-2001-0243Jun 27, 2001risk 0.01cvss —epss 0.18
Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows…
- CVE-2023-29370Jun 13, 2023risk 0.00cvss —epss 0.01
Windows Media Remote Code Execution Vulnerability
- CVE-2023-23402Mar 14, 2023risk 0.00cvss —epss 0.01
Windows Media Remote Code Execution Vulnerability
- CVE-2023-23401Mar 14, 2023risk 0.00cvss —epss 0.01
Windows Media Remote Code Execution Vulnerability
- CVE-2023-21802Feb 14, 2023risk 0.00cvss —epss 0.01
Windows Media Remote Code Execution Vulnerability
- CVE-2022-44668Dec 13, 2022risk 0.00cvss —epss 0.01
Windows Media Remote Code Execution Vulnerability
- CVE-2021-33740Jul 14, 2021risk 0.00cvss —epss 0.03
Windows Media Remote Code Execution Vulnerability
- CVE-2008-4927Nov 4, 2008risk 0.00cvss —epss 0.04
Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are…
- CVE-2005-1574May 14, 2005risk 0.00cvss —epss 0.05
Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the "Acquire licenses automatically for protected content" setting is not enabled.
- CVE-2003-1107Dec 31, 2003risk 0.00cvss —epss 0.05
The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions.
- CVE-2002-0615Jul 3, 2002risk 0.00cvss —epss 0.06
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".
- CVE-2002-0373Jul 3, 2002risk 0.00cvss —epss 0.02
The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through…
- CVE-2002-0340Jun 25, 2002risk 0.00cvss —epss 0.04
Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via…
Page 4 of 4