Windows Media Player Remote Code Execution Risk via Malformed Skin Files
CVE-2007-3035

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Media Player
Vendor: CVE Published:; 14 August 2007

Summary

A vulnerability has been identified in Microsoft Windows Media Player versions 7.1, 9, 10, and 11 that could allow remote attackers to execute arbitrary code on the affected system. This is achieved through the manipulation of specially crafted skin files (WMZ or WMD) where improper handling of header information during decompression can lead to execution of malicious code. Users of the affected versions are encouraged to update to the latest patches to mitigate potential exploits.

References

http://www.securityfocus.com/bid/25305

vdb-entryx_refsource_BID

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA07-226A.html

third-party-advisoryx_refsource_CERT

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 14, 2007
Vulnerability Reserved
Jun 5, 2007