Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-2671

CWE-119 — Buffer Overflow11 documents5 sources

Severity

6.8MEDIUM

EPSS

30.9%

top 3.27%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows Media Player

Timeline

PublishedMar 31

Latest updateMay 17

Description

Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_media_player11.0.5721.5230

🔴Vulnerability Details

GHSA

GHSA-6rc2-m2cx-8vx2: Microsoft Windows Media Player (WMP) 11↗2022-05-17

▶

CVEList

CVE-2014-2671: Microsoft Windows Media Player (WMP) 11↗2014-03-30

▶

💥Exploits & PoCs

Exploit-DB

GOM Video Converter 1.1.0.60 - '.wav' Memory Corruption (PoC)↗2014-03-24

▶

Exploit-DB

jetVideo 8.1.1 - Basic '.wav' Local Crash (PoC)↗2014-03-24

▶

Exploit-DB

GOM Media Player (GOMMP) 2.2.56.5183 - Memory Corruption (PoC)↗2014-03-24

▶

Exploit-DB

Microsoft Windows Media Player 11.0.5721.5230 - Memory Corruption (PoC)↗2014-03-24

▶

Exploit-DB

Light Audio Player 1.0.14 - Memory Corruption (PoC)↗2014-03-24

▶