CVE-2007-0064

EPSS 74.23%
Published 12.12.2007 00:46:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows Media Format Runtime Version7.1

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Windows Media Format Runtime Version9

Microsoft ≫ Windows 2000 Updatesp4
Microsoft ≫ Windows Xp Updatesp2

Microsoft ≫ Windows Media Format Runtime Version9.5

   Microsoft ≫ Windows 2003 Server Editionx64
   Microsoft ≫ Windows 2003 Server Updatesp1
   Microsoft ≫ Windows 2003 Server Updatesp2
   Microsoft ≫ Windows 2003 Server Updatesp2 Editionx64
   Microsoft ≫ Windows Xp Editionx64
   Microsoft ≫ Windows Xp Updatesp2
   Microsoft ≫ Windows Xp Updatesp2 Editionx64

Microsoft ≫ Windows Media Format Runtime Version9.5 Editionx64

   Microsoft ≫ Windows 2003 Server Editionx64
   Microsoft ≫ Windows 2003 Server Updatesp2 Editionx64
   Microsoft ≫ Windows Xp Editionx64
   Microsoft ≫ Windows Xp Updatesp2 Editionx64

Microsoft ≫ Windows Media Format Runtime Version11

   Microsoft ≫ Windows Vista Editionx64
   Microsoft ≫ Windows Vista Version-
   Microsoft ≫ Windows Xp Editionx64
   Microsoft ≫ Windows Xp Updatesp2
   Microsoft ≫ Windows Xp Updatesp2 Editionx64

Microsoft ≫ Windows Media Services Version9.1

   Microsoft ≫ Windows 2003 Server Editionx64
   Microsoft ≫ Windows 2003 Server Updatesp1
   Microsoft ≫ Windows 2003 Server Updatesp2
   Microsoft ≫ Windows 2003 Server Updatesp2 Editionx64

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	74.23%	0.988

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/archive/1/485268/100/0/threaded

http://www.us-cert.gov/cas/techalerts/TA07-345A.html

US Government Resource

http://secunia.com/advisories/28034

Vendor Advisory

http://www.kb.cert.org/vuls/id/319385

US Government Resource

http://www.securityfocus.com/bid/26776

http://www.securitytracker.com/id?1019074

http://www.vupen.com/english/advisories/2007/4183

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-068

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3622

https://nvd.nist.gov/vuln/detail/CVE-2007-0064

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-0064

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-0064

EUVD