Lucene search

K
saintSAINT CorporationSAINT:9FF0EFFBFEB58E8C435812DB6BE2F525
HistoryFeb 16, 2006 - 12:00 a.m.

Windows Media Player plugin EMBED buffer overflow

2006-02-1600:00:00
SAINT Corporation
download.saintcorporation.com
13

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.947 High

EPSS

Percentile

99.3%

Added: 02/16/2006
CVE: CVE-2006-0005
BID: 16644
OSVDB: 23132

Background

The Windows Media Player plug-in allows the processing of embedded media from inside other applications, such as web browsers.

Problem

A buffer overflow in the Windows Media Player plug-in allows remote command execution when a long EMBED tag is processed by a non-Microsoft Internet browser.

Resolution

Install the patch referenced in Microsoft Security Bulletin 06-006.

References

<http://www.microsoft.com/technet/security/Bulletin/MS06-006.mspx&gt;

Limitations

Exploit works on Mozilla Firefox 1.5.0.1 on Windows.

Platforms

Windows

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.947 High

EPSS

Percentile

99.3%