PT-2013-4158 · Microsoft · Windows Media Player+1

Published

2013-07-10

Updated

2018-10-12

CVE-2013-3127

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Windows Media Format Runtime versions 9 and 9.5 Windows Media Format Runtime 11 Windows Media Player versions 11 and 12

Description The issue allows remote attackers to execute arbitrary code via a crafted media file. This is related to the Microsoft WMV video codec in various Windows Media Format Runtime and Windows Media Player versions.

Recommendations For Windows Media Format Runtime versions 9 and 9.5, consider disabling the use of the WMV video codec until a patch is available. For Windows Media Format Runtime 11, restrict access to media files to minimize the risk of exploitation. For Windows Media Player versions 11 and 12, avoid playing crafted media files in the affected player until the issue is resolved.

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2013-3127

ZDI-13-168

Affected Products

Windows Media Format Runtime

Windows Media Player

PT-2013-4158 · Microsoft · Windows Media Player+1

CVE-2013-3127

Weakness Enumeration

Related Identifiers

Affected Products

References · 5