CVE-2008-2253 — Code Injection in Microsoft Windows Media Player

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

49.7%

top 2.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Media Player

Timeline

PublishedSep 11

Latest updateMay 1

Description

Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Sampling Rate Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windows_media_player11

🔴Vulnerability Details

GHSA

GHSA-5c77-wp2j-j23w: Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is↗2022-05-01

▶

CVEList

CVE-2008-2253: Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is↗2008-09-10

▶