CVE-2011-0042

CVE Database · CVE-2011-0042

CVE-2011-0042

· HIGHModified

CVSS v3.1

7.8

EPSS

33.28%

Published

Mar 9, 2011

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-20

Affected Products (11)

microsoft · windows_xp_media_centervulnerable

microsoft · windows_7vulnerable

microsoft · windows_vistavulnerable

microsoft · windows_xpvulnerable

microsoft · windows_media_center_tv_packvulnerable

microsoft · windows_vistavulnerable

References (16)