|
|
>> Microsoft Windows Media Player Plugin Remote Vulnerability (MS06-006)
|
Title : Microsoft Windows Media Player Plugin Remote Vulnerability (MS06-006)
VUPEN ID : VUPEN/ADV-2006-0575
CVE ID : CVE-2006-0005
CWE ID : CWE-OVAL1559
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-02-14
|
|
A vulnerability has been identified in Windows Media Player plug-in, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a buffer overflow error when processing an overly long "embed src" tag, which could be exploited by remote attackers to take complete control of the affected system by convincing a user to visit a specially crafted web site using a non-Microsoft Internet browser (e.g. Netscape or Firefox) [...]
References
http://www.vupen.com/english/advisories/2006/0575
http://www.frsirt.com/english/reference/5871
http://www.microsoft.com/technet/security/Bulletin/MS06-006.mspx
Credits
Vulnerability reported by John Cobb
ChangeLog
2006-02-14 : Initial release
2006-02-17 : Exploits released
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
