Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5745

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-5745
Last Modified 19 May 2009 01:30:26
Published 29 Dec 2008 10:24:23
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5745

Summary

Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927.

Vulnerable Systems

Application

  • Microsoft Windows Media Player 10

  • Microsoft Windows Media Player 11

  • Microsoft Windows Media Player 9


References

XF - win-mediaplayer-wav-snd-mid-dos(47664)

SECTRACK - 1021495

BID - 33018

BUGTRAQ - 20081224 MS Windows Media Player * (.WAV) Remote Integrer Overflow

MILW0RM - 7585

SREASON - 4823


Last Updated: 27 May 2016 10:48:54