CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.7%
Added: 03/14/2011
CVE: CVE-2011-0042
BID: 46680
OSVDB: 71016
Windows Media Player is an audio and video media player for Windows platforms.
A file parsing error in Windows Media Player allows command execution when a user opens a specially crafted Digital Video Recording (DVR-MS) image file.
Apply the patch referenced in Microsoft Security Bulletin 11-015.
<http://secunia.com/advisories/43626/>
This exploit works on Microsoft Windows Media Player 11.0.6002.18005.
The user must open the HTML page on the target using Internet Explorer 7.
The executable smbclient
must be available on the exploit server.
A valid SMB user with permission to write to the specified SMB share is required. The smb password is not allowed to contain single quotes (').
Windows