|
|
>> Microsoft Windows Media Player Plugin Remote Vulnerability (MS06-006)
|
Title : Microsoft Windows Media Player Plugin Remote Vulnerability (MS06-006)
VUPEN ID : VUPEN/ADV-2006-0575
CVE ID : CVE-2006-0005
CWE ID : CWE-OVAL1559
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-02-14
|
|
A vulnerability has been identified in Windows Media Player plug-in, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a buffer overflow error when processing an overly long "embed src" tag, which could be exploited by remote attackers to take complete control of the affected system by convincing a user to visit a specially crafted web site using a non-Microsoft Internet browser (e.g. Netscape or Firefox) [...]
Affected Products
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 x64 Edition
Credits
Vulnerability reported by John Cobb
ChangeLog
2006-02-14 : Initial release
2006-02-17 : Exploits released
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
