CVE-2014-2671

Microsoft Windows Media Player 11.0.5721.5230 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 7 public exploits for CVE-2014-2671. PoCs published by TUNISIAN CYBER, Asesino04, ariarat.

AI-analyzed exploit summary This exploit generates a malformed WAV file designed to trigger a memory corruption vulnerability in Windows Media Player 11.0.5721.5230, leading to a denial-of-service condition.

Description

Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.

Exploits (7)

exploitdb WORKING POC VERIFIED
by TUNISIAN CYBER · pythondoswindows
https://www.exploit-db.com/exploits/32477

This exploit generates a malformed WAV file designed to trigger a memory corruption vulnerability in Windows Media Player 11.0.5721.5230, leading to a denial-of-service condition.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Windows Media Player 11.0.5721.5230
No auth needed
Prerequisites: Target system running Windows Media Player 11.0.5721.5230 · Ability to deliver the malformed WAV file to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by TUNISIAN CYBER · pythondoswindows
https://www.exploit-db.com/exploits/32481

This exploit generates a malformed WAV file to trigger a memory corruption vulnerability in Light Audio Player 1.0.14, leading to a denial-of-service (DoS) condition. The PoC creates a file with a crafted header that exploits the vulnerability when processed by the target software.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Light Audio Player 1.0.14
No auth needed
Prerequisites: Target system running Light Audio Player 1.0.14 · Ability to deliver the malformed WAV file to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by TUNISIAN CYBER · pythondoswindows
https://www.exploit-db.com/exploits/32478

This exploit generates a malformed .wav file that triggers a local crash in jetVideo 8.1.1 when opened. The PoC writes a crafted header to a file, causing a denial-of-service condition.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: jetVideo 8.1.1
No auth needed
Prerequisites: Local access to the target system · jetVideo 8.1.1 installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by TUNISIAN CYBER · pythondoswindows
https://www.exploit-db.com/exploits/32483

This exploit generates a malformed WAV file to trigger a memory corruption vulnerability in GOM Video Converter 1.1.0.60, leading to a denial-of-service (DoS) condition.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: GOM Video Converter 1.1.0.60
No auth needed
Prerequisites: None
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by TUNISIAN CYBER · pythondoswindows
https://www.exploit-db.com/exploits/32482

This exploit generates a malformed WAV file that triggers a memory corruption vulnerability in GOMMP 2.2.56.5183, leading to a denial-of-service (DoS) condition when the file is processed by the vulnerable software.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: GOMMP 2.2.56.5183
No auth needed
Prerequisites: Vulnerable version of GOMMP installed · Ability to deliver the malformed WAV file to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Asesino04 · textdoswindows
https://www.exploit-db.com/exploits/26517

This exploit is a Proof of Concept (PoC) for CVE-2014-2671, which causes a crash in Microsoft Office PowerPoint 2007 by inserting a malformed sound file. The PoC generates a malicious '.au' file that triggers the vulnerability.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Office PowerPoint 2007
No auth needed
Prerequisites: Microsoft Office PowerPoint 2007 installed on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by ariarat · pythondoswindows
https://www.exploit-db.com/exploits/26951

This exploit generates a malformed .wav file that triggers a crash in Windows Movie Maker 2.1.4026.0 due to improper handling of the file format. The PoC demonstrates a denial-of-service (DoS) condition by causing the application to crash when importing the crafted file.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Windows Movie Maker 2.1.4026.0
No auth needed
Prerequisites: Windows XP SP2/SP3 with Windows Movie Maker 2.1.4026.0 installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/92080
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/32477/
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66403

Scores

EPSS 0.4601
EPSS Percentile 98.7%

Details

CWE
CWE-119
Status published
Products (1)
microsoft/windows_media_player 11.0.5721.5230
Published Mar 31, 2014
Tracked Since Feb 18, 2026