CVE-2013-3127 — Code Injection in Microsoft Windows Media Format Runtime

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

35.5%

top 2.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Media Format Runtime Microsoft Windows Media Player

Timeline

PublishedJul 10

Latest updateMay 14

Description

The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafted media file, aka "WMV Video Decoder Remote Code Execution Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/windows_media_format_runtime11, 9, 9.5+2

▶NVDmicrosoft/windows_media_player11, 12+1

🔴Vulnerability Details

GHSA

GHSA-pgj9-vw6w-2mwc: The Microsoft WMV video codec in wmv9vcm↗2022-05-14

▶

CVEList

CVE-2013-3127: The Microsoft WMV video codec in wmv9vcm↗2013-07-10

▶