CVE-2007-0064: Buffer Overflow
First published: Wed Dec 12 2007(Updated: )
Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows Media Format Runtime | =7.1 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows Media Format Runtime | =9 | |
| Microsoft Windows 2003 Server | ||
| Microsoft Windows 2003 Server | =sp1 | |
| Microsoft Windows 2003 Server | =sp2 | |
| Microsoft Windows 2003 Server | =sp2 | |
| Microsoft Windows XP | ||
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows Media Format Runtime | =9.5 | |
| Microsoft Windows Media Format Runtime | =9.5 | |
| Microsoft Windows Vista | ||
| Microsoft Windows Vista | ||
| Microsoft Windows Media Format Runtime | =11 | |
| Microsoft Windows Media Services | =9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/26776
- http://www.securitytracker.com/id?1019074
- http://secunia.com/advisories/28034
- http://www.us-cert.gov/cas/techalerts/TA07-345A.html
- http://www.kb.cert.org/vuls/id/319385
- http://www.vupen.com/english/advisories/2007/4183
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3622
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-068
- http://www.securityfocus.com/archive/1/485268/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-0064?
CVE-2007-0064 is considered to have a high severity due to the potential for remote code execution.
How do I fix CVE-2007-0064?
To fix CVE-2007-0064, ensure that you apply the latest security updates provided by Microsoft for the affected software components.
What software versions are affected by CVE-2007-0064?
CVE-2007-0064 affects Microsoft Windows Media Format Runtime versions 7.1, 9, 9.5, 11, and Windows Media Services 9.1.
Can CVE-2007-0064 be exploited without user interaction?
No, CVE-2007-0064 requires user-assisted actions to exploit, typically through opening a malicious ASF file.
What platforms are vulnerable to CVE-2007-0064?
CVE-2007-0064 impacts multiple platforms including Windows 2000, XP, Server 2003, and Vista.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/microsoft
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- canonical/microsoft windows media format runtime
- version/microsoft windows media format runtime/7.1
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows media format runtime/9
- canonical/microsoft windows 2003 server
- version/microsoft windows 2003 server/sp1
- version/microsoft windows 2003 server/sp2
- version/microsoft windows media format runtime/9.5
- canonical/microsoft windows vista
- version/microsoft windows media format runtime/11
- canonical/microsoft windows media services
- version/microsoft windows media services/9.1