CVE-2007-0064

Windows Media Format Runtime 7.1-11 & Services 9.1 - RCE via Crafted ASF File

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019074
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/319385
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3622
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4183
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/485268/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26776
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-345A.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28034

Scores

EPSS 0.3598
EPSS Percentile 98.3%

Details

CWE
CWE-119
Status published
Products (5)
microsoft/windows_media_format_runtime 7.1
microsoft/windows_media_format_runtime 9
microsoft/windows_media_format_runtime 9.5 (2 CPE variants)
microsoft/windows_media_format_runtime 11
microsoft/windows_media_services 9.1
Published Dec 12, 2007
Tracked Since Feb 18, 2026