PT-2007-6191 · Microsoft · Windows Media Player+2

Published

2007-09-26

Updated

2018-10-15

CVE-2007-5095

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Microsoft Windows Media Player (WMP) 9 on Windows XP SP2

Description The issue allows remote attackers to potentially exploit vulnerabilities in software the user does not expect to run. This is demonstrated by the HTMLView parameter in an .asx file, where Microsoft Windows Media Player invokes Internet Explorer to render HTML documents contained inside some media files, regardless of the default web browser configured.

Recommendations For Microsoft Windows Media Player 9 on Windows XP SP2, consider disabling the HTML rendering feature in media files to minimize the risk of exploitation. Avoid using the HTMLView parameter in .asx files until the issue is resolved.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2007-5095

Affected Products

Internet Explorer

Windows Media Player

Windows Xp

PT-2007-6191 · Microsoft · Windows Media Player+2

CVE-2007-5095

Weakness Enumeration

Related Identifiers

Affected Products

References · 7