|
|
|||
| Rule General Information |
|---|
| Release Date: | 2015-09-16 | |
| Rule Name: | Microsoft Windows Media Player ASX Playlist Parsing Buffer Overflow Vulnerability -2 (CVE-2006-6134) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file. | |
| Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks include arbitrary code execution and denial of service. | |
| Affected OS: | Windows | |
| Reference: | http://www.microsoft.com/technet/security/Bulletin/MS06-078.mspx SecurityFocusBID:21247 |
|
| Solutions |
|---|
| Microsoft has released a patch MS06-078 to eliminate the vulnerability. The patch can be downloaded at http://www.microsoft.com/technet/security/Bulletin/MS06-078.mspx |