All the vulnerabilites related to microsoft - windows_media_encoder
cve-2010-3965
Vulnerability from cvelistv5
Published
2010-12-16 19:00
Modified
2024-08-07 03:26
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA10-348A.html | third-party-advisory, x_refsource_CERT | |
| http://www.vupen.com/english/advisories/2010/3217 | vdb-entry, x_refsource_VUPEN | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12235 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/bid/42855 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1024876 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-094 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:26:12.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA10-348A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "ADV-2010-3217",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3217"
},
{
"name": "oval:org.mitre.oval:def:12235",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12235"
},
{
"name": "42855",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42855"
},
{
"name": "1024876",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024876"
},
{
"name": "MS10-094",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka \"Insecure Library Loading Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA10-348A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "ADV-2010-3217",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3217"
},
{
"name": "oval:org.mitre.oval:def:12235",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12235"
},
{
"name": "42855",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42855"
},
{
"name": "1024876",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024876"
},
{
"name": "MS10-094",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka \"Insecure Library Loading Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-348A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "ADV-2010-3217",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3217"
},
{
"name": "oval:org.mitre.oval:def:12235",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12235"
},
{
"name": "42855",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42855"
},
{
"name": "1024876",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024876"
},
{
"name": "MS10-094",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-3965",
"datePublished": "2010-12-16T19:00:00",
"dateReserved": "2010-10-14T00:00:00",
"dateUpdated": "2024-08-07T03:26:12.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3008
Vulnerability from cvelistv5
Published
2008-09-10 15:00
Modified
2024-08-07 09:21
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/996227 | third-party-advisory, x_refsource_CERT-VN | |
| http://marc.info/?l=bugtraq&m=122235754013992&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.securitytracker.com/id?1020832 | vdb-entry, x_refsource_SECTRACK | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/bid/31065 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=122235754013992&w=2 | vendor-advisory, x_refsource_HP | |
| https://www.exploit-db.com/exploits/6454 | exploit, x_refsource_EXPLOIT-DB | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA08-253A.html | third-party-advisory, x_refsource_CERT | |
| http://www.vupen.com/english/advisories/2008/2521 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#996227",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/996227"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "1020832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020832"
},
{
"name": "oval:org.mitre.oval:def:6018",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
},
{
"name": "31065",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31065"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "6454",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6454"
},
{
"name": "MS08-053",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2521",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2521"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \"Windows Media Encoder Buffer Overrun Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "VU#996227",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/996227"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "1020832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020832"
},
{
"name": "oval:org.mitre.oval:def:6018",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
},
{
"name": "31065",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31065"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "6454",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6454"
},
{
"name": "MS08-053",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2521",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2521"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-3008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \"Windows Media Encoder Buffer Overrun Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#996227",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/996227"
},
{
"name": "HPSBST02372",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "1020832",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020832"
},
{
"name": "oval:org.mitre.oval:def:6018",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
},
{
"name": "31065",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31065"
},
{
"name": "SSRT080133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "6454",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6454"
},
{
"name": "MS08-053",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
},
{
"name": "TA08-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2521",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2521"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-3008",
"datePublished": "2008-09-10T15:00:00",
"dateReserved": "2008-07-07T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1879
Vulnerability from cvelistv5
Published
2010-06-08 22:00
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA10-159B.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7517",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517"
},
{
"name": "MS10-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"Media Decompression Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7517",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517"
},
{
"name": "MS10-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-1879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"Media Decompression Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7517",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517"
},
{
"name": "MS10-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"name": "TA10-159B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-1879",
"datePublished": "2010-06-08T22:00:00",
"dateReserved": "2010-05-11T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2010-06-08 22:30
Modified
2024-11-21 01:15
Severity ?
Summary
Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | directx | 9.0 | |
| microsoft | directx | 9.0a | |
| microsoft | directx | 9.0b | |
| microsoft | directx | 9.0c | |
| microsoft | windows_media_format_runtime | 9 | |
| microsoft | windows_media_format_runtime | 9.5 | |
| microsoft | windows_media_format_runtime | 9.5 | |
| microsoft | windows_media_format_runtime | 11 | |
| microsoft | windows_media_encoder | 9 | |
| microsoft | windows_media_encoder | 9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2936E9C2-65E6-4D26-A277-FF2AE13A3FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F096A3-DD19-4D54-94F4-027DBDF1A705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "70A8E96E-F752-43D2-83C3-877DE1042B80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "44C68B75-2B7A-450B-BA1B-03E77E03B59B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD41070-7ED7-41D6-AF81-C038A8DB3C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DBB016-22A2-4B12-A1A4-DEE8ABF14B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*",
"matchCriteriaId": "87AA5126-90FF-40F5-8664-E8260C2C8CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*",
"matchCriteriaId": "61AAD264-CC98-4FB7-BDDD-6920D4AD1B5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_media_encoder:9:-:x64:*:*:*:*:*",
"matchCriteriaId": "609E859B-88D6-4CC3-8F49-F09884643955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_media_encoder:9:-:x86:*:*:*:*:*",
"matchCriteriaId": "6AEE67A7-C46C-4DAC-BE3A-66DF96617BFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"Media Decompression Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Quartz.dll para DirectShow, Windows Media Format Runtime v9, v9.5 y v11; Media Encoder v9, y el componente COM Asycfilt.dll permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de un archivo multimedia con datos de compresi\u00f3n manipulados, tambi\u00e9n conocido como \"Vulnerabilidad de descompresi\u00f3n Multimedia\"."
}
],
"id": "CVE-2010-1879",
"lastModified": "2024-11-21T01:15:23.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-08T22:30:01.583",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-16 19:33
Modified
2024-11-21 01:19
Severity ?
Summary
Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_media_encoder:9:-:x86:*:*:*:*:*",
"matchCriteriaId": "6AEE67A7-C46C-4DAC-BE3A-66DF96617BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_media_encoder:9_series:*:*:*:*:*:*:*",
"matchCriteriaId": "8494DA8E-2E88-46FE-9FE1-A09DF53BF1FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
"matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "B8A32637-65EC-42C4-A892-0E599562527C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_media_encoder:9:-:x64:*:*:*:*:*",
"matchCriteriaId": "609E859B-88D6-4CC3-8F49-F09884643955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_media_encoder:9_series:*:*:*:*:*:*:*",
"matchCriteriaId": "8494DA8E-2E88-46FE-9FE1-A09DF53BF1FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka \"Insecure Library Loading Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Windows Media Encoder 9 en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, y Windows Server 2008 Gold y SP2 permite a usuarios locales aumentar sus privilegios mediante un Troyano DLL en el directorio de trabajo actual, como se ha demostrado por un directorio que contiene un fichero Windows Media Profile (PRX). Tambi\u00e9n se conoce como \"Vulnerabilidad de Carga Insegura de Bibliotecas\""
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027",
"evaluatorImpact": "Per: http://www.microsoft.com/technet/security/Bulletin/MS10-094.mspx\r\n\r\n\u0027This is a remote code execution vulnerability.\u0027",
"id": "CVE-2010-3965",
"lastModified": "2024-11-21T01:19:58.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-12-16T19:33:03.397",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/42855"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1024876"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3217"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-094"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12235"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-11 01:11
Modified
2024-11-21 00:48
Severity ?
Summary
Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_media_encoder | 9_series | |
| microsoft | windows-nt | 2008 | |
| microsoft | windows-nt | 2008 | |
| microsoft | windows-nt | xp | |
| microsoft | windows_2000 | - | |
| microsoft | windows_2003_server | - | |
| microsoft | windows_2003_server | - | |
| microsoft | windows_2003_server | - | |
| microsoft | windows_2003_server | - | |
| microsoft | windows_xp | - | |
| microsoft | windows_xp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_media_encoder:9_series:*:*:*:*:*:*:*",
"matchCriteriaId": "8494DA8E-2E88-46FE-9FE1-A09DF53BF1FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows-nt:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC3CA16-2694-4C05-A404-029DB179C47D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows-nt:2008:*:x64:*:*:*:*:*",
"matchCriteriaId": "2B89E436-C99E-4F68-AADD-E5980B346E95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "73AED29E-B778-4186-8968-EB608E34E540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
"matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:x64:*:*:*:*:*",
"matchCriteriaId": "FDDFEA49-9B44-498E-B2DB-E1FC778DE7EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2A0607E7-B416-4AF8-ADF6-6E503627DD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C0C7D2B-0AA5-4E82-B58B-2668A0EAC2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "4D5F7729-A095-43DF-BF2F-B4B6938087FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \"Windows Media Encoder Buffer Overrun Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el control WMEncProfileManager ActiveX en wmex.dll en Microsoft Windows Media Encoder 9 Series permite a atacantes remotos ejecutar un c\u00f3digo arbitrario a trav\u00e9s de un primer argumento largo en el m\u00e9todo GetDetailsString, tambi\u00e9n conocido como \"Windows Media Encoder Buffer Overrun Vulnerability\"."
}
],
"id": "CVE-2008-3008",
"lastModified": "2024-11-21T00:48:13.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-09-11T01:11:47.057",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"source": "secure@microsoft.com",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/996227"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31065"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020832"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/2521"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
},
{
"source": "secure@microsoft.com",
"url": "https://www.exploit-db.com/exploits/6454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/996227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/2521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6454"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}