Lucene search

K
saintSAINT CorporationSAINT:9328EEE04FE799CF2C8D0D8EFDDE76F7
HistoryFeb 16, 2006 - 12:00 a.m.

Windows Media Player plugin EMBED buffer overflow

2006-02-1600:00:00
SAINT Corporation
download.saintcorporation.com
7

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.947

Percentile

99.3%

Added: 02/16/2006
CVE: CVE-2006-0005
BID: 16644
OSVDB: 23132

Background

The Windows Media Player plug-in allows the processing of embedded media from inside other applications, such as web browsers.

Problem

A buffer overflow in the Windows Media Player plug-in allows remote command execution when a long EMBED tag is processed by a non-Microsoft Internet browser.

Resolution

Install the patch referenced in Microsoft Security Bulletin 06-006.

References

<http://www.microsoft.com/technet/security/Bulletin/MS06-006.mspx&gt;

Limitations

Exploit works on Mozilla Firefox 1.5.0.1 on Windows.

Platforms

Windows

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.947

Percentile

99.3%