Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1042Out-of-bounds Write in Microsoft Windows Media Player

4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
41.6%
top 2.58%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows Media Player
Timeline
PublishedMar 23
Latest updateMay 2

Description

Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/windows_media_player11, 11.0.5721.5145, 11.0.6000.6324+2

🔴Vulnerability Details

2
GHSA
GHSA-2j3m-rxqm-r548: Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory2022-05-02
CVEList
CVE-2010-1042: Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory2010-03-22

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows Media Player 11 - '.AVI' File Colorspace Conversion Remote Memory Corruption2010-03-17
CVE-2010-1042 — Out-of-bounds Write in Microsoft | cvebase