#Security Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires a user to open a specially crafted file from the attacker to initiate remote code execution.

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.

Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.

Buffer over-read in Windows Kernel allows an authorized attacker to disclose information over a network.

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

No cwe for this issue in UrlMon allows an unauthorized attacker to bypass a security feature over a network.