Lucene search

[email protected]NVD:CVE-2007-5095

HistorySep 26, 2007 - 10:17 p.m.

CVE-2007-5095

2007-09-2622:17:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.577

Percentile

97.8%

JSON

Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expect to run, as demonstrated by the HTMLView parameter in an .asx file.

Affected configurations

Nvd

Node

microsoftwindows_xpsp2

AND

microsoftwindows_media_playerMatch9

VendorProductVersionCPE
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
microsoftwindows_media_player9cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
microsoft	windows_media_player	9	cpe:2.3:a:microsoft:windows_media_player:9:::::::*

References

osvdb.org/41093

www.gnucitizen.org/blog/backdooring-windows-media-files

www.securityfocus.com/archive/1/479825/100/100/threaded

www.securityfocus.com/archive/1/479854/100/100/threaded

www.securityfocus.com/archive/1/479855/100/100/threaded

www.securityfocus.com/archive/1/479856/100/100/threaded

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.577

Percentile

97.8%

JSON

Related for NVD:CVE-2007-5095

cvelist1 cve1 prion1