CVE-2011-0042

high-risk
Published 2011-03-09

SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."

Do I need to act?

!
63.2% chance of exploitation in next 30 days
EPSS score — higher than 37% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (11)

Affected Vendors

Microsoft

References (16)

http://osvdb.org/71016
http://secunia.com/advisories/43626
http://www.securityfocus.com/bid/46680
http://www.securitytracker.com/id?1025169
US Government Resource http://www.us-cert.gov/cas/techalerts/TA11-067A.html
http://www.vupen.com/english/advisories/2011/0615
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-01...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
http://osvdb.org/71016
http://secunia.com/advisories/43626
http://www.securityfocus.com/bid/46680
http://www.securitytracker.com/id?1025169
US Government Resource http://www.us-cert.gov/cas/techalerts/TA11-067A.html
http://www.vupen.com/english/advisories/2011/0615
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-01...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
59
/ 100
high-risk
Severity 24/34 · High
Exploitability 19/34 · Moderate
Exposure 16/34 · Moderate