Home

CVE-2011-0042

Description

SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka DVR-MS Vulnerability.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
63.164

Associated Vulnerability

VulnerabilityOS Platform
Security Update for Windows XP (KB2479943)Windows
Security Update for Windows Vista (KB2479943) x86 based systemsWindows
Security Update for Windows Vista (KB2479943) x86 based systems for SP2Windows
Security Update for Windows 7 (KB2479943) x86 based systemsWindows
Security Update for Windows 7 (KB2479943) x86 based systems for SP1Windows
Security Update for Windows XP x64 Edition (KB2479943)Windows
Security Update for Windows Vista for x64-based Systems (KB2479943)Windows
Security Update for Windows Vista for x64-based Systems (KB2479943) for SP2Windows
Security Update for Windows 7 for x64-based Systems (KB2479943)Windows
Security Update for Windows 7 for x64-based Systems (KB2479943) for SP1Windows
Security Update for Windows Server 2008 R2 x64 Edition (KB2479943)Windows
Security Update for Windows Server 2008 R2 x64 Edition (KB2479943) For Sp1Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-9853Security Update for Windows 7 (KB2479943)
PATCH-9854Security Update for Windows 7 (KB2479943)
PATCH-9858Security Update for Windows 7 for x64-based Systems (KB2479943)
PATCH-9859Security Update for Windows 7 for x64-based Systems (KB2479943)
PATCH-9860Security Update for Windows Server 2008 R2 x64 Edition (KB2479943)
PATCH-9861Security Update for Windows Server 2008 R2 x64 Edition (KB2479943)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234