AI description
CVE-2025-26666 is a heap-based buffer overflow vulnerability found in Windows Media. It allows an authorized attacker with local access to execute code on a vulnerable system. The vulnerability stems from a buffer overflow in the heap, which could allow an attacker to overwrite memory and potentially execute arbitrary code with the privileges of the affected application.
- Description
- Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-122
- Hype score
- Not currently trending
🚨CVE-2025-26666: Windows Media Remote Code Execution Vulnerability Credit: https://t.co/iTBPunZirA https://t.co/hmmtVP9xiH
@DarkWebInformer
8 May 2025
8988 Impressions
22 Retweets
132 Likes
61 Bookmarks
0 Replies
0 Quotes
🚀 We released a demo video for the CVE-2025-26666 Windows Media RCE Vulnerability, patched by Microsoft in Apr 2025. Watch the video and subscribe to our private vulnerability PoC and detailed report service at https://t.co/lv6J3q3DX1. https://t.co/JzE60nsyXR
@_patchpoint_
11 Apr 2025
2547 Impressions
9 Retweets
18 Likes
9 Bookmarks
0 Replies
0 Quotes
🚀We released a demo video for the CVE-2025-26666 Windows Media RCE Vulnerability, patched by Microsoft in Apr 2025. Watch the video and subscribe to our private vulnerability PoC and detailed report service at https://t.co/lv6J3q3DX1. https://t.co/JzE60nsyXR #WindowsMediaEngine
@_patchpoint_
11 Apr 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2ACCA6F4-C140-4B2E-93FF-1B9DC093E831",
"versionEndExcluding": "10.0.19044.5737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09E0970D-79B9-40D9-BFFF-25EE5A686B04",
"versionEndExcluding": "10.0.19045.5737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "640C45C8-83C3-4BBC-9176-705BEAA80E64",
"versionEndExcluding": "10.0.22621.5189"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4CE9402D-6417-4F82-909A-D89C06C98794",
"versionEndExcluding": "10.0.22631.5189"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED4B5FB3-A574-4DA6-9A43-0950B121CC92",
"versionEndExcluding": "10.0.26100.3775"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775"
}
],
"operator": "OR"
}
]
}
]