CVE-2008-4927

2022-10-0316:13:59

CWE-20

[email protected]

web.nvd.nist.gov

microsoft

windows

media player

wmp

cve-2008-4927

denial of service

midi

dat

application crash

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON

Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to “MThd Header Parsing.” NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

microsoftwindows_media_playerMatch9

microsoftwindows_media_playerMatch10

microsoftwindows_media_playerMatch11

CPENameOperatorVersion
microsoft:windows_media_playermicrosoft windows media playereq9
microsoft:windows_media_playermicrosoft windows media playereq10
microsoft:windows_media_playermicrosoft windows media playereq11

CPE	Name	Operator	Version
microsoft:windows_media_player	microsoft windows media player	eq	9
microsoft:windows_media_player	microsoft windows media player	eq	10
microsoft:windows_media_player	microsoft windows media player	eq	11