Vulnerability Name: CVE-2005-2128 (CCN-22480)
Assigned: 2005-10-11
Published: 2005-10-11
Updated: 2018-10-12
Summary: QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
- Source: MITRE Type: CNA CVE-2005-2128
- Source: CCN Type: SA17160 Microsoft Windows DirectShow AVI Handling Vulnerability
- Source: SECUNIA Type: UNKNOWN 17160
- Source: CCN Type: SA17172 Avaya Various Products Multiple Vulnerabilities
- Source: SECUNIA Type: UNKNOWN 17172
- Source: CCN Type: SA17509 Nortel CallPilot Multiple Vulnerabilities
- Source: SECUNIA Type: UNKNOWN 17509
- Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
- Source: CCN Type: Microsoft Security Bulletin MS13-011 Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)
- Source: CCN Type: Microsoft Security Bulletin MS16-007 Security Update for Microsoft Windows to Address Remote Code Execution (3124901)
- Source: CCN Type: Microsoft Security Bulletin MS16-014 Security update for Microsoft Windows to Address Remote Code Execution (3134228)
- Source: CCN Type: Microsoft Security Bulletin MS16-047 Security Update for SAM and LSAD Remote Protocols (3148527)
- Source: CCN Type: Microsoft Security Bulletin MS16-075 Security Update for Windows SMB Server (3164038)
- Source: CCN Type: Microsoft Security Bulletin MS16-076 Security Update for Netlogon (3167691)
- Source: CCN Type: Microsoft Security Bulletin MS16-101 Security Update for Windows Authentication Methods (3178465)
- Source: CCN Type: Microsoft Security Bulletin MS16-110 Security Update for Windows (3178467)
- Source: CCN Type: Microsoft Security Bulletin MS16-111 Security Update for Windows Kernel (3186973)
- Source: CCN Type: Microsoft Security Bulletin MS16-120 Security Update for Microsoft Graphics Component (3192884)
- Source: CCN Type: Microsoft Security Bulletin MS16-122 Security Update for Microsoft Video Control (3195360)
- Source: CCN Type: Microsoft Security Bulletin MS16-123 Security Update for Kernel-Mode Drivers (3192892)
- Source: CCN Type: Microsoft Security Bulletin MS16-124 Security Update for Windows Registry (3193227)
- Source: CCN Type: Microsoft Security Bulletin MS16-126 Security Update for Microsoft Internet Messaging API (3196067)
- Source: CCN Type: Microsoft Security Bulletin MS16-131 Security Update for Microsoft Video Control (3199151)
- Source: CCN Type: Microsoft Security Bulletin MS16-139 Security Update for Windows Kernel (3199720)
- Source: CCN Type: Microsoft Security Bulletin MS16-155 Security Update for .NET Framework (3205640)
- Source: CCN Type: Microsoft Security Bulletin MS17-006 Cumulative Security Update for Internet Explorer (4013073)
- Source: CCN Type: Microsoft Security Bulletin MS17-013 Security Update for Microsoft Graphics Component (4013075)
- Source: EEYE Type: UNKNOWN AD20051011a
- Source: CCN Type: US-CERT VU#995220 Microsoft DirectShow buffer overflow
- Source: CERT-VN Type: US Government Resource VU#995220
- Source: CCN Type: Microsoft Security Bulletin MS05-050 Vulnerability in DirectShow Could Allow Remote Code Execution (904706)
- Source: CCN Type: Microsoft Security Bulletin MS07-064 Vulnerabilities in DirectShow Could Allow Remote Code Execution (941568)
- Source: CCN Type: Microsoft Security Bulletin MS08-033 Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
- Source: CCN Type: Microsoft Security Bulletin MS09-011 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
- Source: CCN Type: Microsoft Security Bulletin MS09-028 Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
- Source: CCN Type: Microsoft Security Bulletin MS10-013 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
- Source: CCN Type: Microsoft Security Bulletin MS10-033 Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
- Source: CCN Type: Microsoft Security Bulletin MS10-094 Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961)
- Source: CCN Type: Microsoft Security Bulletin MS12-004 Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
- Source: CCN Type: Security Advisory P-2005-0056-Global Nortel Networks: Log In Required
- Source: OSVDB Type: UNKNOWN 18822
- Source: CCN Type: OSVDB ID: 18822 Microsoft DirectX DirectShow QUARTZ.DLL AVI Processing Overflow
- Source: BID Type: UNKNOWN 15063
- Source: CCN Type: BID-15063 Microsoft DirectX DirectShow AVI Processing Buffer Overflow Vulnerability
- Source: CERT Type: US Government Resource TA05-284A
- Source: CCN Type: Internet Security Systems Protection Alert October 11, 2005 Multiple Microsoft Vulnerabilities - October 2005
- Source: MS Type: UNKNOWN MS05-050
- Source: XF Type: UNKNOWN win-directshow-avi-code-execution(22480)
- Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1149
- Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1231
- Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1267
- Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1424
- Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1434
Vulnerable Configuration: Configuration 1: Configuration CCN 1: