Vulnerability Details CVE-2007-3035
Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.521
EPSS Ranking 97.7%
CVSS Severity
CVSS v2 Score 7.6
References
- http://secunia.com/advisories/26433
- http://securitytracker.com/id?1018565
- http://www.securityfocus.com/archive/1/476548/100/0/threaded
- http://www.securityfocus.com/bid/25305
- http://www.us-cert.gov/cas/techalerts/TA07-226A.html
- http://www.vupen.com/english/advisories/2007/2871
- http://www.zerodayinitiative.com/advisories/ZDI-07-047.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-047
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35895
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1352
- http://secunia.com/advisories/26433
- http://securitytracker.com/id?1018565
- http://www.securityfocus.com/archive/1/476548/100/0/threaded
- http://www.securityfocus.com/bid/25305
- http://www.us-cert.gov/cas/techalerts/TA07-226A.html
- http://www.vupen.com/english/advisories/2007/2871
- http://www.zerodayinitiative.com/advisories/ZDI-07-047.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-047
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35895
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1352
Products affected by CVE-2007-3035
-
cpe:2.3:a:microsoft:windows_media_player:10
-
cpe:2.3:a:microsoft:windows_media_player:11
-
cpe:2.3:a:microsoft:windows_media_player:7.1
-
cpe:2.3:a:microsoft:windows_media_player:9