CVE-2006-6134: Buffer Overflow
First published: Tue Nov 28 2006(Updated: )
Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Windows Media Player | =10.00.00.4036 | |
| =10.00.00.4036 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/21247
- http://research.eeye.com/html/alerts/zeroday/20061122.html
- http://blogs.technet.com/msrc/archive/2006/12/07/public-proof-of-concept-code-for-asx-file-format-isssue.aspx
- http://www.kb.cert.org/vuls/id/208769
- http://secunia.com/advisories/22971
- http://securitytracker.com/id?1017354
- http://support.avaya.com/elmodocs2/security/ASA-2006-274.htm
- http://www.us-cert.gov/cas/techalerts/TA06-346A.html
- http://securityreason.com/securityalert/1922
- http://www.vupen.com/english/advisories/2006/4882
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A669
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-078
- http://www.securityfocus.com/archive/1/454969/100/200/threaded
- http://www.securityfocus.com/archive/1/453579/100/0/threaded
- http://www.securityfocus.com/archive/1/452352/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-6134?
CVE-2006-6134 is classified as a critical vulnerability due to its potential to allow remote code execution and application crashes.
How do I fix CVE-2006-6134?
The best way to fix CVE-2006-6134 is to update to a patched version of Microsoft Windows Media Player, or to consider disabling the software if the update is unavailable.
What platforms are affected by CVE-2006-6134?
CVE-2006-6134 affects Microsoft Windows Media Player version 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1.
What type of attack can exploit CVE-2006-6134?
CVE-2006-6134 can be exploited through specially crafted URLs that can cause a heap-based buffer overflow.
What are the consequences of exploiting CVE-2006-6134?
Exploitation of CVE-2006-6134 may lead to denial of service attacks or unauthorized execution of arbitrary code on the affected system.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/first-publish-date
- agent/description
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/weakness
- collector/nvd-index
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/microsoft
- canonical/windows media player
- version/windows media player/10.00.00.4036