Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2012-0003

Published: 10/01/2012 Updated: 07/12/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Windows Server 2008

Vulnerability Summary

Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote malicious users to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows server 2008

microsoft windows server 2008 r2

microsoft windows server 2008 -

microsoft windows 7 -

microsoft windows xp

microsoft windows xp 2005

microsoft windows server 2003

microsoft windows vista

Exploits

Exploit DB: Microsoft Windows - midiOutPlayNextPolyEvent Heap Overflow (MS12-004) (Metasploit)
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking inclu ...
Exploit DB: MS12-004 midiOutPlayNextPolyEvent Heap Overflow
This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmmdll) The vulnerability occurs when parsing specially crafted MIDI files Remote code execution can be achieved by using Windows Media Player's ActiveX control Exploitation is done by supplying a specially crafted MIDI file with specific events, ...

Recent Articles

SecTor – Security Education Conference 2012, Toronto / CA
Securelist • Stefan Ortloff • 03 Oct 2012

I’m sending greetings from Canada, where I’m attending the 6th annual SecTor Security Education Conference in the very impressive city of Toronto. With almost 70 talks and nearly 50 exhibitors there are a lot of opportunities to learn about new techniques and meet interesting people from all over the world. In addition there is a “LockPick Village”, a robotics-showcase and a capture the flag competition located in the expo area. Last but not least, Kaspersky Lab is exhibiting in the expo...

Read more...
CVE-2012-0003 Exploit ITW
Securelist • Kurt Baumgartner • 27 Jan 2012

S. Korean handlers are slow to take down the publicly distributed malicious code exploiting CVE-2012-0003, a vulnerability patched in Microsoft’s January 2012 patch release MS12-004. We have discussed with reporters that the code has been available since the 21st, and a site appears to have been publicly attacking very low numbers of Korean users over the past day or so. The site remains up at this time. The exploit itself appears to be reliable and easy to replicate, so we expect to see this ...

Read more...

References

NVD-CWE-noinfohttp://www.securitytracker.com/id?1026492http://www.securityfocus.com/bid/51292http://secunia.com/advisories/47485http://www.us-cert.gov/cas/techalerts/TA12-010A.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14337https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004https://nvd.nist.govhttps://www.exploit-db.com/exploits/18426/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook