CVE-2007-0064

Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:7.1:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:9:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_services:9.1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:24

Type Values Removed Values Added
References () http://secunia.com/advisories/28034 - Vendor Advisory () http://secunia.com/advisories/28034 - Vendor Advisory
References () http://www.kb.cert.org/vuls/id/319385 - US Government Resource () http://www.kb.cert.org/vuls/id/319385 - US Government Resource
References () http://www.securityfocus.com/archive/1/485268/100/0/threaded - () http://www.securityfocus.com/archive/1/485268/100/0/threaded -
References () http://www.securityfocus.com/bid/26776 - () http://www.securityfocus.com/bid/26776 -
References () http://www.securitytracker.com/id?1019074 - () http://www.securitytracker.com/id?1019074 -
References () http://www.us-cert.gov/cas/techalerts/TA07-345A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA07-345A.html - US Government Resource
References () http://www.vupen.com/english/advisories/2007/4183 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/4183 - Vendor Advisory
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-068 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-068 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3622 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3622 -

Information

Published : 2007-12-12 00:46

Updated : 2024-11-21 00:24


NVD link : CVE-2007-0064

Mitre link : CVE-2007-0064

CVE.ORG link : CVE-2007-0064


JSON object : View

Products Affected

microsoft

  • windows_vista
  • windows_media_services
  • windows_xp
  • windows_2000
  • windows_2003_server
  • windows_media_format_runtime
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer