Remote Code Execution Vulnerability in Microsoft Windows Media Player 11
CVE-2008-2253

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Media Player
Vendor: CVE Published:; 11 September 2008

Summary

An unspecified vulnerability in Microsoft Windows Media Player 11 permits remote attackers to execute arbitrary code by manipulating audio-only files streamed from a Server-Side Playlist (SSPL) on Windows Media Server. This exploitation occurs when a user is tricked into opening a specially crafted audio file, potentially leading to unauthorized actions on the affected system.

References

http://www.vupen.com/english/advisories/2008/2522

vdb-entryx_refsource_VUPEN

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id...

x_refsource_CONFIRM

http://marc.info/?l=bugtraq&m=122235754013992&w=2

vendor-advisoryx_refsource_HP

EPSS Score

42% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 11, 2008
Vulnerability Reserved
May 16, 2008