Vulnerability Details CVE-2010-2745
Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.587
EPSS Ranking 98.1%
CVSS Severity
CVSS v2 Score 9.3
References
- http://www.securitytracker.com/id?1024550
- http://www.us-cert.gov/cas/techalerts/TA10-285A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-082
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6653
- http://www.securitytracker.com/id?1024550
- http://www.us-cert.gov/cas/techalerts/TA10-285A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-082
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6653
Products affected by CVE-2010-2745
-
cpe:2.3:a:microsoft:windows_media_player:10
-
cpe:2.3:a:microsoft:windows_media_player:11
-
cpe:2.3:a:microsoft:windows_media_player:12
-
cpe:2.3:a:microsoft:windows_media_player:9
-
cpe:2.3:o:microsoft:windows_2003_server:-
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_7:sp1
-
cpe:2.3:o:microsoft:windows_server_2003:-
-
cpe:2.3:o:microsoft:windows_server_2003:r2
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2
-
cpe:2.3:o:microsoft:windows_vista:-
-
cpe:2.3:o:microsoft:windows_xp:-
-
cpe:2.3:o:microsoft:windows_xp:unknown