CVE-2013-4858 : Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attacke

Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav.

Published 2013-12-30 04:53:07

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2013-4858

Microsoft » Windows Movie Maker » Version: 2.1.4026.0
cpe:2.3:a:microsoft:windows_movie_maker:2.1.4026.0:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows Xp » Update SP3

Exploit prediction scoring system (EPSS) score for CVE-2013-4858

EPSS FAQ

26.23%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 96 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-4858

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2013-4858

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-4858

http://www.securityfocus.com/bid/61334

Microsoft Windows Movie Maker '.wav' File Denial of Service Vulnerability
Exploit
http://downloads.securityfocus.com/vulnerabilities/exploits/61334.py

Exploit

Jump to

Vulnerability Details : CVE-2013-4858

Products affected by CVE-2013-4858

Exploit prediction scoring system (EPSS) score for CVE-2013-4858

CVSS scores for CVE-2013-4858

CWE ids for CVE-2013-4858

References for CVE-2013-4858