Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
History

Wed, 09 Jul 2025 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows 10 1809
Microsoft windows 10 21h2
Microsoft windows 10 22h2
Microsoft windows 11 22h2
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows Server 2019
Microsoft windows Server 2022
Microsoft windows Server 2022 23h2
Microsoft windows Server 2025
CPEs cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows 10 1809
Microsoft windows 10 21h2
Microsoft windows 10 22h2
Microsoft windows 11 22h2
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows Server 2019
Microsoft windows Server 2022
Microsoft windows Server 2022 23h2
Microsoft windows Server 2025

Wed, 28 May 2025 17:15:00 +0000

Type Values Removed Values Added
References

Thu, 22 May 2025 03:00:00 +0000


Wed, 09 Apr 2025 02:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Tue, 08 Apr 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 08 Apr 2025 17:30:00 +0000

Type Values Removed Values Added
Description Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
Title Windows Media Remote Code Execution Vulnerability
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2025-04-08T17:23:07.837Z

Updated: 2025-06-04T17:52:21.460Z

Reserved: 2025-02-12T22:35:41.548Z

Link: CVE-2025-26666

cve-icon Vulnrichment

Updated: 2025-04-08T20:06:21.916Z

cve-icon NVD

Status : Analyzed

Published: 2025-04-08T18:15:49.833

Modified: 2025-07-09T16:38:18.770

Link: CVE-2025-26666

cve-icon Redhat

Severity : Important

Publid Date: 2025-04-08T17:23:07Z

Links: CVE-2025-26666 - Bugzilla