CVE-2006-6134 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-6134
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-6134

Description: Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.

CVE Status: Candidate

References: ST 1017354 SREASON http://securityreason.com/securityalert/1922 SAID Secunia Advisory: SA22971 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:669 MS http://www.microsoft.com/technet/security/Bulletin/MS06-078.mspx MISC http://research.eeye.com/html/alerts/zeroday/20061122.html HP http://www.securityfocus.com/archive/1/archive/1/454969/100/200/threaded CONFIRM http://blogs.technet.com/msrc/archive/2006/12/07/public-proof-of-concept-code-for-asx-file-format-isssue.aspx http://support.avaya.com/elmodocs2/security/ASA-2006-274.htm CERT-VN 208769 CERT http://www.us-cert.gov/cas/techalerts/TA06-346A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/453579/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/452352/100/0/threaded BID 21247

Return to the previous page.