Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5745

CWE-189 | 5 documents | 4 sources
Severity: 4.3 MEDIUM
EPSS: 36.3% (top 2.90%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Dec 29; latest update May 14

Description

Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA: GHSA-vhq2-p9cv-x883: Integer overflow in quartz (2022-05-14)
CVEList: CVE-2008-5745: Integer overflow in quartz (2008-12-29)

💥 Exploits & PoCs (2)

Exploit-DB: Microsoft Windows Media Player 9/10/11 - '.WAV' File Parsing Code Execution (2008-12-29)
Exploit-DB: Microsoft Windows Media Player - '.wav' Remote Crash (PoC) (2008-12-28)