CVE-2001-0242 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows Media Player

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

12.7%

top 6.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Media Player

Timeline

PublishedJun 27

Latest updateApr 30

Description

Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long version tag in an .ASX file, or (2) a long banner tag, a variant of the ".ASX Buffer Overrun" vulnerability as discussed in MS:MS00-090.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_media_player6.3, 6.4, 7+2

🔴Vulnerability Details

GHSA

GHSA-gr9h-667f-jqmg: Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long version tag in an↗2022-04-30

▶

CVEList

CVE-2001-0242: Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long version tag in an↗2001-05-24

▶