Sehato

**Name of the Vulnerable Software and Affected Versions** Windows Media Player version 10.00.00.4036 **Description** The issue is related to a heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL, which can be exploited by remote attackers to cause a denial of service, resulting in an application crash, and potentially execute arbitrary code. This can be achieved through a long HREF attribute using an unrecognized protocol in a REF element in an ASX PlayList file. **Recommendations** For Windows Media Player version 10.00.00.4036, consider disabling the WMCheckURLScheme function as a temporary workaround until a patch is available. Restrict access to ASX PlayList files to minimize the risk of exploitation. Avoid using unrecognized protocols in REF elements until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** IrfanView version 3.98 **Description** The issue allows user-assisted attackers to cause a denial of service, resulting in an application crash, via a crafted ANI image file. This could be due to a buffer overflow. **Recommendations** For IrfanView version 3.98, avoid using the software to open ANI image files from untrusted sources until a patch is available. As a temporary workaround, consider disabling the handling of ANI files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IrfanView version 3.98 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, by using a crafted CUR image file. **Recommendations** For IrfanView version 3.98, consider avoiding the use of CUR image files until a patch is available. As a temporary workaround, restrict the handling of CUR files to minimize the risk of exploitation.