Vulnerability Name: CVE-2006-0006 (CCN-24488)
Assigned: 2005-11-09
Published: 2006-02-14
Updated: 2018-10-19
Summary: Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity:
9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2006-0006
Source: CCN Type: SA18835 Windows Media Player Bitmap File Processing Vulnerability
Source: SECUNIA Type: Patch, Vendor Advisory 18835
Source: SREASON Type: UNKNOWN 423
Source: CCN Type: SECTRACK ID: 1015627 Windows Media Player Bitmap File Bug May Let Remote Users Execute Arbitrary Code
Source: SECTRACK Type: Patch 1015627
Source: CCN Type: ASA-2006-047 Windows Security Updates for February 2006 - (MS06-004 to MS06-010)
Source: CCN Type: eEye Digital Security Advisory AD20060214 Windows Media Player BMP Heap Overflow
Source: MISC Type: Patch, Vendor Advisory http://www.eeye.com/html/research/advisories/AD20060214.html
Source: CCN Type: US-CERT VU#291396 Microsoft Windows Media Player vulnerable to buffer overflow in bitmap processing routine
Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#291396
Source: CCN Type: Microsoft Security Bulletin MS06-005 Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
Source: CCN Type: Microsoft Security Bulletin MS06-024 Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)
Source: BUGTRAQ Type: UNKNOWN 20060214 [EEYEB-20051017] Windows Media Player BMP Heap Overflow
Source: BUGTRAQ Type: UNKNOWN 20060215 Windows Media Player BMP Heap Overflow (MS06-005)
Source: BID Type: Exploit, Patch 16633
Source: CCN Type: BID-16633 Microsoft Windows Media Player Bitmap Handling Buffer Overflow Vulnerability
Source: CERT Type: Third Party Advisory, US Government Resource TA06-045A
Source: VUPEN Type: Vendor Advisory ADV-2006-0574
Source: MS Type: UNKNOWN MS06-005
Source: XF Type: UNKNOWN win-media-player-bmp-bo(24488)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1256
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1578
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1598
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1661
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable