Search Results (144 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2186 2 Foxit, Microsoft 9 Pdf Reader, Windows 2000, Windows 2003 Server and 6 more 2026-04-23 N/A
Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
CVE-2007-5095 1 Microsoft 2 Windows Media Player, Windows Xp 2026-04-23 N/A
Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expect to run, as demonstrated by the HTMLView parameter in an .asx file.
CVE-2007-1898 8 Apple, Hp, Jetbox and 5 more 16 Mac Os X, Hp-ux, Tru64 and 13 more 2026-04-23 N/A
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
CVE-2007-6401 2 3ivx, Microsoft 2 Mpeg-4 Codec, Windows Media Player 2026-04-23 N/A
Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402.
CVE-2006-7030 1 Microsoft 8 Ie, Windows 2000, Windows 2003 Server and 5 more 2026-04-23 N/A
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.
CVE-2008-3010 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Media Player and 2 more 2026-04-23 N/A
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."
CVE-2009-2525 1 Microsoft 7 Windows 2000, Windows Media Format Runtime, Windows Media Player and 4 more 2026-04-23 N/A
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability."
CVE-2009-2527 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Media Player and 1 more 2026-04-23 N/A
Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability."
CVE-2007-4938 11 Apple, Hp, Ibm and 8 more 18 Mac Os X, Hp-ux, Tru64 and 15 more 2026-04-23 N/A
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
CVE-2006-6134 1 Microsoft 1 Windows Media Player 2026-04-23 N/A
Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
CVE-2007-2736 9 Achievo, Apple, Hp and 6 more 18 Achievo, A Ux, Mac Os X and 15 more 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
CVE-2007-3958 1 Microsoft 8 Internet Explorer, Windows 2000, Windows 95 and 5 more 2026-04-23 N/A
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif.
CVE-2007-0064 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows Media Format Runtime and 3 more 2026-04-23 N/A
Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
CVE-2008-4927 1 Microsoft 1 Windows Media Player 2026-04-23 N/A
Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4288 1 Microsoft 1 Windows Media Player 2026-04-23 N/A
Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au.
CVE-2003-1569 2 Goahead, Microsoft 4 Goahead Webserver, Windows 95, Windows 98 and 1 more 2026-04-23 N/A
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.
CVE-2004-0790 2 Microsoft, Sun 8 Windows 2000, Windows 2003 Server, Windows 98 and 5 more 2026-04-16 N/A
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
CVE-2004-0214 1 Microsoft 5 Internet Explorer, Windows 2000, Windows 98 and 2 more 2026-04-16 N/A
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
CVE-2001-0242 1 Microsoft 1 Windows Media Player 2026-04-16 N/A
Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long version tag in an .ASX file, or (2) a long banner tag, a variant of the ".ASX Buffer Overrun" vulnerability as discussed in MS:MS00-090.
CVE-2004-0202 1 Microsoft 7 Directx, Windows 2000, Windows 2003 Server and 4 more 2026-04-16 N/A
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.