CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
98.6%
Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:* |
microsoft | windows_media_format_runtime | 7.1 | cpe:2.3:a:microsoft:windows_media_format_runtime:7.1:*:*:*:*:*:*:* |
microsoft | windows_xp | * | cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:* |
microsoft | windows_media_format_runtime | 9 | cpe:2.3:a:microsoft:windows_media_format_runtime:9:*:*:*:*:*:*:* |
microsoft | windows_2003_server | * | cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:* |
microsoft | windows_2003_server | * | cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:* |
microsoft | windows_2003_server | * | cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:* |
microsoft | windows_2003_server | * | cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:* |
microsoft | windows_xp | * | cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:* |
microsoft | windows_xp | * | cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:* |
secunia.com/advisories/28034
www.kb.cert.org/vuls/id/319385
www.securityfocus.com/archive/1/485268/100/0/threaded
www.securityfocus.com/bid/26776
www.securitytracker.com/id?1019074
www.us-cert.gov/cas/techalerts/TA07-345A.html
www.vupen.com/english/advisories/2007/4183
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-068
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3622