Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0005

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-0005
Last Modified 07 Mar 2011 09:29:09
Published 14 Feb 2006 02:06:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0005

Summary

Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2000 Advanced Server

  • Microsoft Windows 2000 Advanced Server Sp1

  • Microsoft Windows 2000 Advanced Server Sp2

  • Microsoft Windows 2000 Advanced Server Sp3

  • Microsoft Windows 2000 Advanced Server Sp4

  • Microsoft Windows 2003 Server Datacenter Edition

  • Microsoft Windows 2003 Server Datacenter Edition 64-bit

  • Microsoft Windows 2003 Server Enterprise Edition

  • Microsoft Windows 2003 Server Enterprise Edition 64-bit

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Standard 64-bit

  • Microsoft Windows 2003 Server Web Edition

  • Microsoft Windows Server 2000 None

  • Microsoft Windows Server 2000 Sp1

  • Microsoft Windows Server 2000 Sp2

  • Microsoft Windows Server 2000 Sp3

  • Microsoft Windows Server 2003 Datacenter Sp1

  • Microsoft Windows Server 2003 Enterprise Sp1

  • Microsoft Windows Server 2003 Standard Sp1

  • Microsoft Windows Server 2003 Web Edition Sp1

  • Microsoft Windows Xp

  • Microsoft Windows-nt 2000

  • Microsoft Windows-nt Datacenter Server

  • Microsoft Windows-nt Xp

  • Microsoft Windows-nt Xp Tablet Pc


References

CERT - TA06-045A

CERT-VN - VU#692060

XF - win-mediaplayer-plugin-embed-bo(24493)

VUPEN - ADV-2006-0575

BID - 16644

MS - MS06-006

IDEFENSE - 20060214 Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability

SECTRACK - 1015628

SECUNIA - 18852


Last Updated: 27 May 2016 10:41:29