9.3
CVE-2007-3895
- EPSS 36.23%
- Veröffentlicht 12.12.2007 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:42:59
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Directx Version9.0c
Microsoft ≫ Windows 2000 Updatesp4
Microsoft ≫ Windows 2003 Server Editionx64
Microsoft ≫ Windows 2003 Server Updatesp1
Microsoft ≫ Windows 2003 Server Updatesp1 Editionitanium
Microsoft ≫ Windows 2003 Server Updatesp2
Microsoft ≫ Windows 2003 Server Updatesp2 Editionitanium
Microsoft ≫ Windows 2003 Server Updatesp2 Editionx64
Microsoft ≫ Windows Xp Editionx64
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Windows Xp Updatesp2 Editionx64
Microsoft ≫ Windows 2003 Server Editionx64
Microsoft ≫ Windows 2003 Server Updatesp1
Microsoft ≫ Windows 2003 Server Updatesp1 Editionitanium
Microsoft ≫ Windows 2003 Server Updatesp2
Microsoft ≫ Windows 2003 Server Updatesp2 Editionitanium
Microsoft ≫ Windows 2003 Server Updatesp2 Editionx64
Microsoft ≫ Windows Xp Editionx64
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Windows Xp Updatesp2 Editionx64
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 36.23% | 0.983 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.securityfocus.com/archive/1/485268/100/0/threaded
http://www.us-cert.gov/cas/techalerts/TA07-345A.html
http://secunia.com/advisories/28010
http://www.iss.net/threats/280.html
http://www.kb.cert.org/vuls/id/321233
http://www.securityfocus.com/bid/26804
http://www.securitytracker.com/id?1019073
http://www.vupen.com/english/advisories/2007/4180
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-064
https://exchange.xforce.ibmcloud.com/vulnerabilities/38722
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4287