Remote Code Execution Vulnerability in Windows Media Format Runtime by Microsoft
CVE-2013-3127

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Media Format Runtime; Windows Media Player
Vendor: CVE Published:; 10 July 2013

Summary

This vulnerability occurs in the Microsoft WMV video codec components, specifically in wmv9vcm.dll, wmvdmod.dll, and wmvdecod.dll, enabling remote attackers to execute arbitrary code on the system. By crafting a specially designed media file, an attacker can exploit this flaw when the file is processed by affected versions of Windows Media Format Runtime and Windows Media Player, potentially gaining control over the affected system. Users are advised to update their software to mitigate this risk.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/ncas/alerts/TA13-190A

third-party-advisoryx_refsource_CERT

EPSS Score

40% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 10, 2013
Vulnerability Reserved
Apr 17, 2013