Lucene search

SAINT CorporationSAINT:9FF0EFFBFEB58E8C435812DB6BE2F525

HistoryFeb 16, 2006 - 12:00 a.m.

Windows Media Player plugin EMBED buffer overflow

2006-02-1600:00:00

SAINT Corporation

download.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.963 High

EPSS

Percentile

99.4%

JSON

Added: 02/16/2006
CVE: CVE-2006-0005
BID: 16644
OSVDB: 23132

Background

The Windows Media Player plug-in allows the processing of embedded media from inside other applications, such as web browsers.

Problem

A buffer overflow in the Windows Media Player plug-in allows remote command execution when a long EMBED tag is processed by a non-Microsoft Internet browser.

Resolution

Install the patch referenced in Microsoft Security Bulletin 06-006.

References

<http://www.microsoft.com/technet/security/Bulletin/MS06-006.mspx>

Limitations

Exploit works on Mozilla Firefox 1.5.0.1 on Windows.

Platforms

Windows

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.963 High

EPSS

Percentile

99.4%

JSON

Related for SAINT:9FF0EFFBFEB58E8C435812DB6BE2F525