CVE-2010-2745

Description

Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka Windows Media Player Memory Corruption Vulnerability.

Risk Information

Base Score

8.8

MODERATE

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

59.689

Associated Vulnerability

Vulnerability	OS Platform
ms10-082: vulnerability in windows media player could allow remote code execution for Windows XP (KB2378111)	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows XP (KB2378111)	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows Server 2003 (KB2378111)	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows XP x64 Edition (KB2378111)	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows Server 2003 x64 Edition (KB2378111)	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows XP x64 Edition (KB2378111) x86 based systems	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows Vista (KB2378111) x86 based systems	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows Vista (KB2378111) x86 based systems for SP2	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows Server 2008 (KB2378111) x86 based systems	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows Server 2008 (KB2378111) x86 based systems for SP2	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows XP x64 Edition (KB2378111)	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows Vista for x64-based Systems (KB2378111)	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows Vista for x64-based Systems (KB2378111) for SP2	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows Server 2008 x64 Edition (KB2378111)	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows Server 2008 x64 Edition (KB2378111) for SP2	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows 7 (KB2378111)	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows 7 for x64-based Systems (KB2378111)	Windows
ms10-082: vulnerability in windows media player could allow remote code execution for Windows Server 2008 R2 x64 Edition (KB2378111)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-9376	Security Update for Windows Server 2003 (KB2378111)
PATCH-9378	Security Update for Windows Server 2003 x64 Edition (KB2378111)
PATCH-9382	Security Update for Windows Server 2008 (KB2378111)
PATCH-9383	Security Update for Windows Server 2008 (KB2378111)
PATCH-9385	Security Update for Windows Vista for x64-based Systems (KB2378111)
PATCH-9386	Security Update for Windows Vista for x64-based Systems (KB2378111)
PATCH-9387	Security Update for Windows Server 2008 x64 Edition (KB2378111)
PATCH-9388	Security Update for Windows Server 2008 x64 Edition (KB2378111)
PATCH-9389	Security Update for Windows 7 (KB2378111)
PATCH-9390	Security Update for Windows 7 for x64-based Systems (KB2378111)
PATCH-9391	Security Update for Windows Server 2008 R2 x64 Edition (KB2378111)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234