Vulnerability CVE-2006-0005 - CERT Civis.Net

Vulnerability Name:

CVE-2006-0005 (CCN-24493)

Assigned:

2005-11-09

Published:

2006-02-14

Updated:

2019-04-30

Summary:

Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.

CVSS v3 Severity:

9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2006-0005

Source: CCN
Type: SA18852
Windows Media Player Plug-in EMBED Element Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
18852

Source: CCN
Type: SECTRACK ID: 1015628
Windows Media Player Plug-in for 3rd Party Browsers Buffer Overflow in Processing EMBED Elements Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015628

Source: CCN
Type: ASA-2006-047
Windows Security Updates for February 2006 - (MS06-004 to MS06-010)

Source: IDEFENSE
Type: UNKNOWN
20060214 Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability

Source: CCN
Type: US-CERT VU#692060
Microsoft Windows Media Player plug-in buffer overflow

Source: CERT-VN
Type: US Government Resource
VU#692060

Source: CCN
Type: Microsoft Security Bulletin MS06-006
Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)

Source: BID
Type: UNKNOWN
16644

Source: CCN
Type: BID-16644
Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability

Source: CERT
Type: US Government Resource
TA06-045A

Source: VUPEN
Type: UNKNOWN
ADV-2006-0575

Source: MS
Type: UNKNOWN
MS06-006

Source: XF
Type: UNKNOWN
win-mediaplayer-plugin-embed-bo(24493)

Source: XF
Type: UNKNOWN
win-mediaplayer-plugin-embed-bo(24493)

Source: CCN
Type: iDEFENSE Security Advisory 02.14.06
Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1559

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows-nt:datacenter_server:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows-nt:datacenter_server:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows-nt:datacenter_server:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows-nt:datacenter_server:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows-nt:datacenter_server:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows-nt:xp:sp2:home:*:*:*:*:*

OR cpe:/o:microsoft:windows-nt:xp_tablet_pc:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows-nt:xp_tablet_pc:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows-nt:xp_tablet_pc:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp1:pro:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp2:pro:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp3:pro:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:pro:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000_advanced_server:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000_advanced_server:sp1:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000_advanced_server:sp2:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000_advanced_server:sp3:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000_advanced_server:sp4:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_edition:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web_edition:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server:2000:-:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server:2000:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server:2000:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server:2000:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:datacenter_sp1:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:enterprise_sp1:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:standard_sp1:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:web_edition_sp1:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:pro:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:pro:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:pro:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:windows_2003:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:1559	V	Windows Media Player Plug-in EMBED Vulnerability	2014-06-30