CVE-2007-4288

Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://securityreason.com/securityalert/2987
http://www.safehack.com/exp/mp/mplayer11.txt	URL Repurposed
http://www.securityfocus.com/archive/1/475839/100/0/threaded
http://www.securityfocus.com/bid/25236	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/35878
http://securityreason.com/securityalert/2987
http://www.safehack.com/exp/mp/mplayer11.txt	URL Repurposed
http://www.securityfocus.com/archive/1/475839/100/0/threaded
http://www.securityfocus.com/bid/25236	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/35878

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:windows_media_player:11:*:*:*:*:*:*:*

History

21 Nov 2024, 00:35

Type	Values Removed	Values Added
References	~~() http://securityreason.com/securityalert/2987 -~~	() http://securityreason.com/securityalert/2987 -
References	~~() http://www.safehack.com/exp/mp/mplayer11.txt - URL Repurposed~~	() http://www.safehack.com/exp/mp/mplayer11.txt - URL Repurposed
References	~~() http://www.securityfocus.com/archive/1/475839/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/475839/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/25236 - Exploit~~	() http://www.securityfocus.com/bid/25236 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/35878 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/35878 -

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~(MISC) http://www.safehack.com/exp/mp/mplayer11.txt -~~	(MISC) http://www.safehack.com/exp/mp/mplayer11.txt - URL Repurposed

Information

Published : 2007-08-09 21:17

Updated : 2024-11-21 00:35

NVD link : CVE-2007-4288

Mitre link : CVE-2007-4288

CVE.ORG link : CVE-2007-4288

JSON object : View

Products Affected

microsoft

windows_media_player

CWE

NVD-CWE-Other

{"id": "CVE-2007-4288", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-08-09T21:17:00.000", "references": [{"url": "http://securityreason.com/securityalert/2987", "source": "cve@mitre.org"}, {"url": "http://www.safehack.com/exp/mp/mplayer11.txt", "tags": ["URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/475839/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25236", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35878", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2987", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.safehack.com/exp/mp/mplayer11.txt", "tags": ["URL Repurposed"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/475839/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/25236", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35878", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au."}, {"lang": "es", "value": "Microsoft Windows Media Player 11 (wmplayer.exe) permite a atacantes remotos con la complicidad del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante un fichero .au manipulado que dispara un error de divisi\u00f3n por cero, como se demuestra con iapetus.au."}], "lastModified": "2024-11-21T00:35:14.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_media_player:11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B27BB8B0-BC24-4A3F-A18B-63D57AB4799B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}