Buffer Overflow in Microsoft Windows Media Player Plugin for Web Browsers
CVE-2006-0005

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2003 Server; Windows Server 2003; Windows Xp; Windows 2000
Vendor: CVE Published:; 14 February 2006

What is CVE-2006-0005?

A buffer overflow exists in the plugin for Microsoft Windows Media Player versions 9 and 10, particularly when it is used in web browsers other than Internet Explorer. This vulnerability allows remote attackers to execute arbitrary code on a user's system by crafting an HTML page with an EMBED element that contains a excessively long src attribute. Users who have set Windows Media Player as the default application for handling media files are at risk when visiting these malicious sites.

References

http://www.vupen.com/english/advisories/2006/0575

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/16644

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/24493

vdb-entryx_refsource_XF

EPSS Score

71% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2006
Vulnerability Reserved
Nov 9, 2005