CVE-2007-6401

Microsoft Windows Media Player (WMP) 6.4 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SYS 49152 · perllocalwindows

https://www.exploit-db.com/exploits/4702

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://securityreason.com/securityalert/3453

[Exploit, Patch] http://www.securityfocus.com/bid/26773

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/4141

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/484779/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019064

Scores

EPSS 0.5624

EPSS Percentile 98.1%

Details

CWE

CWE-119

Status published

Products (3)

3ivx/mpeg-4_codec 4.5.1

3ivx/mpeg-4_codec 5.0.1

microsoft/windows_media_player 6.4

Published Dec 17, 2007

Tracked Since Feb 18, 2026