OpenCVE

Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 2000 Windows 2003 Server Windows Media Format Runtime Windows Media Services Windows Vista Windows Xp

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

cpe:2.3:a:microsoft:windows_media_format_runtime:7.1:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*

cpe:2.3:a:microsoft:windows_media_format_runtime:9:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:microsoft:windows_2003_server:::x64:::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp1::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_xp:::x64:::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2:x64:::::

cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:microsoft:windows_2003_server:::x64:::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_xp:::x64:::::*
	cpe:2.3:o:microsoft:windows_xp::sp2:x64:::::

cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:o:microsoft:windows_vista:::x64:::::*
	cpe:2.3:o:microsoft:windows_vista:-:::::::*
	cpe:2.3:o:microsoft:windows_xp:::x64:::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2:x64:::::

cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:o:microsoft:windows_2003_server:::x64:::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp1::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::

cpe:2.3:a:microsoft:windows_media_services:9.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/28034
http://www.kb.cert.org/vuls/id/319385
http://www.securityfocus.com/archive/1/485268/100/0/threaded
http://www.securityfocus.com/bid/26776
http://www.securitytracker.com/id?1019074
http://www.us-cert.gov/cas/techalerts/TA07-345A.html
http://www.vupen.com/english/advisories/2007/4183
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-068
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3622

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-12-12T00:00:00

Updated: 2024-08-07T12:03:37.104Z

Reserved: 2007-01-04T00:00:00

Link: CVE-2007-0064

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-12-12T00:46:00.000

Modified: 2024-11-21T00:24:53.247

Link: CVE-2007-0064

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object