PT-2011-2039 · Microsoft · Windows Media Center+2
Published
2011-03-09
·
Updated
2025-01-21
·
CVE-2011-0042
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Windows Media Player and Windows Media Center versions prior to the fixed version
Description
A remote code execution issue exists in the way Windows Media Player and Windows Media Center handle Digital Video Recording (.dvr-ms) files. This allows remote attackers to execute arbitrary code via a crafted file. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.
Recommendations
For Windows Media Player and Windows Media Center, update to a version that properly parses .dvr-ms files to prevent remote code execution.
As a temporary workaround, consider avoiding the use of .dvr-ms files in Windows Media Player and Windows Media Center until a patch is available.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Windows
Windows Media Center
Windows Media Player