Oval Definition:oval:org.mitre.oval:def:669
Revision Date:2015-08-10Version:46
Title:Windows Media Format ASX Parsing Vulnerability
Description:Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2006-6134
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows XP
Product(s):Windows Media Format Runtime 7.1
Windows Media Format Runtime 9.0
Windows Media Format Runtime 9.5
Definition Synopsis
  • AND
  • Windows Media Format Runtime 7.1 is installed
  • AND Wmvcore.dll for Windows Media Format 7.1 is installed.
  • AND the version of Wmvcore.dll is less than 7.10.0.3079
  • OR
  • Windows Media Format Runtime 9.0 is installed
  • AND Wmvcore.dll for Windows Media Format 9.0 is installed.
  • AND Wmvcore.dll version is less than 9.0.0.3265
  • OR
  • Windows Media Format Runtime 9.5 is installed
  • AND Microsoft Windows XP SP2 or later is installed
  • AND Wmvcore.dll for Windows Media Format 9.5 is installed.
  • AND Wmvcore.dll version is less than 10.0.0.3702
  • OR
  • Windows Media Format Runtime 9.5 is installed
  • AND a version of Windows for the x64 architecture is installed
  • AND Wmvcore.dll for Windows Media Format 9.5 is installed.
  • AND the version of Wmvcore.dll is less than 10.0.0.3810
  • OR
  • Microsoft Windows Server 2003 is installed
  • AND Windows Media Format Runtime 9.5 is installed
  • AND NOT a version of Windows for the x64 architecture is installed
  • AND Wmvcore.dll for Windows Media Format 9.5 is installed.
  • AND the version of Wmvcore.dll is less than 10.0.0.3708
    • BACK