CVE-2011-0042

Published: Mar 9, 2011Modified: Apr 29, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."

Affected (11)

Products: Microsoft: Windows 7, Windows Vista, Windows Xp, Windows Xp Media Center, Windows Media Center Tv Pack

5 products

Windows Xp Media Center

Windows Media Center Tv Pack

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp Media Center	Version 2005 sp3

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Media Center Tv Pack	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://osvdb.org/71016

Source: secure@microsoft.com

http://secunia.com/advisories/43626

Source: secure@microsoft.com

http://www.securityfocus.com/bid/46680

Source: secure@microsoft.com

http://www.securitytracker.com/id?1025169

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA11-067A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2011/0615

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-015

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12281

Source: secure@microsoft.com

http://osvdb.org/71016

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43626

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/46680

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1025169

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA11-067A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2011/0615

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-015

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12281

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.