cbcvebase.
CVE-2011-0042
published 2011-03-09

CVE-2011-0042: SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005…

PriorityP352high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
33.28%
98.2th percentile
SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."

Affected

1 ranges
VendorProductVersion rangeFixed in
microsoftwindows_xp_media_center

Detection & IOCsextracted from sources · hover to see the quote

filenameSBE.dll
other.dvr-ms
  • Monitor for opening of specially crafted .dvr-ms files by Windows Media Player or Windows Media Center processes, which may trigger arbitrary code execution via SBE.dll.
  • Alert on .dvr-ms file parsing activity routed through SBE.dll (Stream Buffer Engine), particularly when files originate from untrusted/remote sources.
  • ·Vulnerability is triggered only when a user opens a specially crafted .dvr-ms file; exploitation requires user interaction (social engineering).
  • ·Affected platforms span multiple Windows versions; detections should account for Windows XP SP2/SP3, XP MCE 2005 SP3, Vista SP1/SP2, Windows 7 Gold/SP1, and Windows Media Center TV Pack for Vista.

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.