Buffer overflow in Windows Media Player

#VU41871 Buffer overflow in Windows Media Player

Cybersecurity Help s.r.o.

Published: 2020-08-11

Vulnerability identifier: #VU41871

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2014-2671

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Windows Media Player
Client/Desktop applications / Multimedia software

Vendor: Microsoft

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Windows Media Player: 11.0.5721.5230

External links
http://packetstormsecurity.com/files/125834
http://www.exploit-db.com/exploits/32477/
http://www.securityfocus.com/bid/66403
http://exchange.xforce.ibmcloud.com/vulnerabilities/92080

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Buffer overflow in Microsoft Windows Media Player