{"id": "SECURITYVULNS:DOC:1882", "bulletinFamily": "software", "title": "Security Bulletin MS01-042", "description": "- ----------------------------------------------------------------------\r\nTitle: Windows Media Player .NSC Processor Contains Unchecked\r\n Buffer\r\nDate: 26 July 2001\r\nSoftware: Windows Media Player 6.4, 7, and 7.1\r\nImpact: Run code of attacker's choice.\r\nBulletin: MS01-042\r\n\r\nMicrosoft encourages customers to review the Security Bulletin at: \r\nhttp://www.microsoft.com/technet/security/bulletin/MS01-042.asp.\r\n- ----------------------------------------------------------------------\r\n\r\nIssue:\r\n======\r\nWindows Media Player provides support for audio and video streaming. \r\nStreaming media channels can be configured by using Windows Media \r\nStation (.NSC) files. An unchecked buffer exists in the functionality\r\nused to process Windows Media Station files. This unchecked buffer \r\ncould potentially allow an attacker to run code of his choice on the \r\nmachine of another user. The attacker could either send a specially \r\nmalformed file to another user and entice her to run or preview it,\r\nor \r\nhe could host such a file on a web site and cause it to launch \r\nautomatically whenever a user visited the site. The code could take\r\nany action on the machine that the legitimate user himself could\r\ntake.\r\n\r\nMitigating Factors:\r\n====================\r\n - Customers who have applied the Outlook E-mail Security Update\r\n (OESU) for Outlook 2000 or are running Outlook XP, which has the\r\n OESU functionality built-in, are automatically protected against\r\n HTML e-mail based attempts to exploit this vulnerability.\r\n \r\n - For others not in the above categories, the attacker would have to\r\n entice the potential victim to visit a web site he controlled, or\r\nto\r\n open an HTML e-mail he had sent. \r\n\r\n - The attacker would need to know the specific operating system that\r\n the user was running in order to tailor the attack code properly;\r\nif\r\n the attacker made an incorrect guess about the user's operating\r\n system platform, the attack would crash the user's Windows Media\r\n Player session, but not run code of the attacker's choice. \r\n\r\nPatch Availability:\r\n===================\r\n - A patch is available to fix this vulnerability. Please read the \r\n Security Bulletin\r\n http://www.microsoft.com/technet/security/bulletin/ms01-042.asp\r\n for information on obtaining this patch.\r\n\r\n- ---------------------------------------------------------------------\r\n\r\nTHE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED \r\n"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL \r\nWARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF \r\nMERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT\r\nSHALL \r\nMICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES \r\nWHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,\r\nLOSS \r\nOF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION\r\nOR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH\r\nDAMAGES. \r\nSOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR\r\nCONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY\r\nNOT \r\nAPPLY.\r\n", "published": "2001-07-27T00:00:00", "modified": "2001-07-27T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:1882", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:04", "edition": 1, "viewCount": 7, "enchantments": {"score": {"value": 3.9, "vector": "NONE", "modified": "2018-08-31T11:10:04", "rev": 2}, "dependencies": {"references": [{"type": "centos", "idList": ["CESA-2020:1074"]}, {"type": "threatpost", "idList": ["THREATPOST:F3563336B135A1D7C1251AE54FDC6286"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-1074"]}, {"type": "nessus", "idList": ["EULEROS_SA-2020-1323.NASL", "FREEBSD_PKG_090763F6703011EA93DD080027846A02.NASL", "EULEROS_SA-2020-1314.NASL", "DEBIAN_DLA-2164.NASL", "FREEBSD_PKG_40194E1C6D8911EA808280EE73419AF3.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201314", "OPENVAS:1361412562311220201323", "OPENVAS:1361412562310892164", "OPENVAS:1361412562311220201318"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2164-1:52F3C"]}, {"type": "redhat", "idList": ["RHSA-2020:1074"]}, {"type": "zdt", "idList": ["1337DAY-ID-34159", "1337DAY-ID-34153", "1337DAY-ID-34157", "1337DAY-ID-34144", "1337DAY-ID-34134"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:10149"]}], "modified": "2018-08-31T11:10:04", "rev": 2}, "vulnersScore": 3.9}, "affectedSoftware": []}

{"rst": [{"lastseen": "2021-01-13T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **202[.]49.183.168** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **2**.\n First seen: 2020-01-31T03:00:00, Last seen: 2021-01-13T03:00:00.\n IOC tags: **generic**.\nASN 9303: (First IP 202.49.183.0, Last IP 202.49.183.255).\nASN Name \"KCCSASAP\" and Organisation \"KC Computer Service Ltd\".\nASN hosts 1882 domains.\nGEO IP information: City \"Gisborne\", Country \"New Zealand\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-01-31T00:00:00", "id": "RST:269B3857-FD86-3335-8F9A-5AC5870C7B49", "href": "", "published": "2021-01-14T00:00:00", "title": "RST Threat feed. IOC: 202.49.183.168", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-11T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **210[.]183.94.137** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **20**.\n First seen: 2020-11-10T03:00:00, Last seen: 2021-01-11T03:00:00.\n IOC tags: **generic**.\nASN 4766: (First IP 210.183.60.0, Last IP 210.183.95.115).\nASN Name \"KIXSASKR\" and Organisation \"Korea Telecom\".\nASN hosts 612674 domains.\nGEO IP information: City \"\", Country \"South Korea\".\nIOC could be a **False Positive** (May be a Cloud provider IP).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-11-10T00:00:00", "id": "RST:ED94BC79-1882-323F-88BD-87E4D48D1028", "href": "", "published": "2021-01-14T00:00:00", "title": "RST Threat feed. IOC: 210.183.94.137", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-13T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **185[.]36.248.110** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **13**.\n First seen: 2020-11-09T03:00:00, Last seen: 2021-01-13T03:00:00.\n IOC tags: **generic**.\nASN 29297: (First IP 185.36.248.0, Last IP 185.36.251.255).\nASN Name \"LINKCONNECTAS\" and Organisation \"Linkconnect services Ltd UK Business to business ISP\".\nASN hosts 1882 domains.\nGEO IP information: City \"Kettering\", Country \"United Kingdom\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-11-09T00:00:00", "id": "RST:D24FB192-FD8B-3081-8FAF-DC0F2F349C21", "href": "", "published": "2021-01-14T00:00:00", "title": "RST Threat feed. IOC: 185.36.248.110", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-13T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **193[.]106.57.177** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **6**.\n First seen: 2020-07-03T03:00:00, Last seen: 2021-01-13T03:00:00.\n IOC tags: **generic**.\nASN 42510: (First IP 193.106.56.0, Last IP 193.106.59.255).\nASN Name \"WDMAS\" and Organisation \"\".\nASN hosts 22 domains.\nGEO IP information: City \"Kyiv\", Country \"Ukraine\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-07-03T00:00:00", "id": "RST:40922596-1882-3B71-8559-E9B5B5D33295", "href": "", "published": "2021-01-14T00:00:00", "title": "RST Threat feed. IOC: 193.106.57.177", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-13T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **82[.]146.43.212** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **2**.\n First seen: 2020-01-02T03:00:00, Last seen: 2021-01-13T03:00:00.\n IOC tags: **malware**.\nASN 29182: (First IP 82.146.32.0, Last IP 82.146.63.255).\nASN Name \"THEFIRSTAS\" and Organisation \"\".\nASN hosts 221191 domains.\nGEO IP information: City \"\", Country \"Russia\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-01-02T00:00:00", "id": "RST:45C010C5-1882-3C0C-BB1B-F98896ADAD13", "href": "", "published": "2021-01-14T00:00:00", "title": "RST Threat feed. IOC: 82.146.43.212", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-13T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **assopenscrt[.]it** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-01-13T03:00:00.\n IOC tags: **generic**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:3609116E-1882-3F62-B5B1-5E3BA2FBB9ED", "href": "", "published": "2021-01-14T00:00:00", "title": "RST Threat feed. IOC: assopenscrt.it", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-13T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **arunaland[.]com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **2**.\n First seen: 2019-12-15T03:00:00, Last seen: 2021-01-13T03:00:00.\n IOC tags: **spam**.\nDomain has DNS A records: 192[.]58.128.30,192.5.5.241,202.12.27.33,128.8.10.90\nWhois:\n Created: 2018-11-26 02:35:26, \n Registrar: NameSilo LLC, \n Registrant: unknown.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-12-15T00:00:00", "id": "RST:AB9DC441-1882-375B-8225-CB2E78A93B63", "href": "", "published": "2021-01-14T00:00:00", "title": "RST Threat feed. IOC: arunaland.com", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-13T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **71[.]214.189.253** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **45**.\n First seen: 2021-01-09T03:00:00, Last seen: 2021-01-13T03:00:00.\n IOC tags: **shellprobe**.\nASN 209: (First IP 71.208.0.0, Last IP 71.216.31.255).\nASN Name \"CENTURYLINKUSLEGACYQWEST\" and Organisation \"Qwest Communications Company LLC\".\nASN hosts 73950 domains.\nGEO IP information: City \"Umatilla\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-09T00:00:00", "id": "RST:9D5362EB-1882-372A-B959-919EF7E94AF6", "href": "", "published": "2021-01-14T00:00:00", "title": "RST Threat feed. IOC: 71.214.189.253", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-13T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **92[.]50.69.58** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **23**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-01-13T03:00:00.\n IOC tags: **generic**.\nASN 6830: (First IP 92.50.64.0, Last IP 92.50.127.255).\nASN Name \"LGIUPC\" and Organisation \"formerly known as UPC Broadband Holding BV\".\nASN hosts 190486 domains.\nGEO IP information: City \"Frankfurt am Main\", Country \"Germany\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:BEEA247D-1882-3819-80F6-21154FB07973", "href": "", "published": "2021-01-14T00:00:00", "title": "RST Threat feed. IOC: 92.50.69.58", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-13T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **shopshastra[.]com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **25**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-01-13T03:00:00.\n IOC tags: **generic**.\nDomain has DNS A records: 13[.]233.37.163\nWhois:\n Created: 2017-10-25 07:34:03, \n Registrar: PDR Ltd dba PublicDomainRegistrycom, \n Registrant: unknown.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:B3620608-1882-395C-8EFB-C4BA1F7663D2", "href": "", "published": "2021-01-14T00:00:00", "title": "RST Threat feed. IOC: shopshastra.com", "type": "rst", "cvss": {}}]}