Microsoft Windows Media Player — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Windows Media Player, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (53)
CVE-2008-3010 — CVSS 10.0 (critical): Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate…
CVE-2008-3009 — CVSS 10.0 (critical): Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not…
CVE-2004-0597 — CVSS 10.0 (critical): Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via…
CVE-2009-2527 — CVSS 9.3 (critical): Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF…
CVE-2009-4309 — CVSS 9.3 (critical): Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server…
CVE-2015-1728 — CVSS 9.3 (critical): Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka…
CVE-2009-0555 — CVSS 9.3 (critical): Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager…
CVE-2009-1331 — CVSS 9.3 (critical): Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application…
CVE-2009-2525 — CVSS 9.3 (critical): Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager…
CVE-2006-0006 — CVSS 9.3 (critical): Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on…
CVE-2006-0025 — CVSS 9.3 (critical): Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image…
CVE-2013-3127 — CVSS 9.3 (critical): The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media…
CVE-2010-3138 — CVSS 9.3 (critical): Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via…
CVE-2007-6401 — CVSS 9.3 (critical): Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec…
CVE-2008-2253 — CVSS 9.3 (critical): Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only…
CVE-2010-2745 — CVSS 9.3 (critical): Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows…
CVE-2010-0268 — CVSS 9.3 (critical): Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP…
CVE-2002-1844 — CVSS 7.8 (high): Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows…
CVE-2007-3035 — CVSS 7.6 (high): Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin…
CVE-2004-1244 — CVSS 7.5 (high): Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values…
CVE-2000-1113 — CVSS 7.5 (high): Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream…
CVE-2005-1574 — CVSS 7.5 (high): Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect…
CVE-2007-5095 — CVSS 7.5 (high): Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media…
CVE-2001-0148 — CVSS 7.5 (high): The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a…
CVE-2003-0604 — CVSS 7.5 (high): Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote…
CVE-2001-0719 — CVSS 7.5 (high): Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming…
CVE-2001-0541 — CVSS 7.5 (high): Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed…
CVE-2001-0242 — CVSS 7.5 (high): Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long…
CVE-2002-0340 — CVSS 7.5 (high): Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when…
CVE-2002-0372 — CVSS 7.5 (high): Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's…
CVE-2002-1847 — CVSS 7.5 (high): Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary…
CVE-2003-0228 — CVSS 7.5 (high): Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to…
CVE-2006-6134 — CVSS 7.5 (high): Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows…
CVE-2002-0373 — CVSS 7.2 (high): The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain…
CVE-2006-4702 — CVSS 6.8 (medium): Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server…
CVE-2014-2671 — CVSS 6.8 (medium): Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly…
CVE-2003-0348 — CVSS 6.4 (medium): A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the…
CVE-2003-1107 — CVSS 5.1 (medium): The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is…
CVE-2001-0137 — CVSS 5.1 (medium): Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a…
CVE-2001-0243 — CVSS 5.0 (medium): Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the…
CVE-2000-0929 — CVSS 5.0 (medium): Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control…
CVE-2004-1325 — CVSS 5.0 (medium): The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the…
CVE-2005-2128 — CVSS 5.0 (medium): QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a…
CVE-2007-6236 — CVSS 5.0 (medium): Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that…
CVE-2000-1112 — CVSS 4.6 (medium): Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a…
CVE-2010-0718 — CVSS 4.3 (medium): Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero…
CVE-2010-1042 — CVSS 4.3 (medium): Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of…
CVE-2008-4927 — CVSS 4.3 (medium): Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a…
CVE-2007-4288 — CVSS 4.3 (medium): Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via…
CVE-2008-5745 — CVSS 4.3 (medium): Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260…
CVE-2007-3037 — CVSS 4.0 (medium): Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with…
CVE-2004-1324 — CVSS 2.6 (low): The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer…
CVE-2017-11768 — CVSS 2.5 (low): Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10…