CVE-2007-0064
Windows Media Format Runtime 7.1-11 & Services 9.1 - RCE via Crafted ASF File
Title source: llmDescription
Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019074
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/319385
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3622
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-068
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4183
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_hp
http://www.securityfocus.com/archive/1/485268/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26776
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-345A.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28034
Scores
EPSS
0.3598
EPSS Percentile
98.3%
Details
CWE
CWE-119
Status
published
Products (5)
microsoft/windows_media_format_runtime
7.1
microsoft/windows_media_format_runtime
9
microsoft/windows_media_format_runtime
9.5 (2 CPE variants)
microsoft/windows_media_format_runtime
11
microsoft/windows_media_services
9.1
Published
Dec 12, 2007
Tracked Since
Feb 18, 2026