FKIE_CVE-2006-0005

Vulnerability from fkie_nvd - Published: 2006-02-14 19:06 - Updated: 2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.
References
secure@microsoft.comhttp://secunia.com/advisories/18852Vendor Advisory
secure@microsoft.comhttp://securitytracker.com/id?1015628
secure@microsoft.comhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=393
secure@microsoft.comhttp://www.kb.cert.org/vuls/id/692060US Government Resource
secure@microsoft.comhttp://www.securityfocus.com/bid/16644
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA06-045A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2006/0575
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-006
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/24493
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1559
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18852Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015628
af854a3a-2127-422b-91ae-364da2661108http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/692060US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/16644
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA06-045A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/0575
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-006
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/24493
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1559
Impacted products
Vendor Product Version
microsoft windows-nt datacenter_server
microsoft windows-nt datacenter_server
microsoft windows-nt datacenter_server
microsoft windows-nt datacenter_server
microsoft windows-nt datacenter_server
microsoft windows-nt xp
microsoft windows-nt xp_tablet_pc
microsoft windows-nt xp_tablet_pc
microsoft windows-nt xp_tablet_pc
microsoft windows_2000 *
microsoft windows_2000 *
microsoft windows_2000 *
microsoft windows_2000 *
microsoft windows_2000 *
microsoft windows_2000 -
microsoft windows_2000_advanced_server *
microsoft windows_2000_advanced_server sp1
microsoft windows_2000_advanced_server sp2
microsoft windows_2000_advanced_server sp3
microsoft windows_2000_advanced_server sp4
microsoft windows_2003_server datacenter_edition
microsoft windows_2003_server datacenter_edition_64-bit
microsoft windows_2003_server enterprise_edition
microsoft windows_2003_server enterprise_edition_64-bit
microsoft windows_2003_server standard
microsoft windows_2003_server standard_64-bit
microsoft windows_2003_server web_edition
microsoft windows_server_2000 none
microsoft windows_server_2000 sp1
microsoft windows_server_2000 sp2
microsoft windows_server_2000 sp3
microsoft windows_server_2003 datacenter_sp1
microsoft windows_server_2003 enterprise_sp1
microsoft windows_server_2003 standard_sp1
microsoft windows_server_2003 web_edition_sp1
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:datacenter_server:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D3249AF-05B0-4C34-BFBB-56B028806920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:datacenter_server:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "ED93DC7D-4A15-4D31-8509-07EDFD2F2907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:datacenter_server:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E7FF5726-8AEC-43D9-834E-554326851007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:datacenter_server:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "2F0D9B07-41F4-4B04-9CFB-11D8AE8346CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:datacenter_server:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A35E805B-ACED-4999-B365-2EAEA7BDBCE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:xp:sp2:home:*:*:*:*:*",
              "matchCriteriaId": "5C974913-1C52-48FD-8C50-E1BD1484DD81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:xp_tablet_pc:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EA18974-CD68-44C2-84A7-7C43CE392A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:xp_tablet_pc:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2C8B72F9-B944-4192-B1B9-2157B2824D84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:xp_tablet_pc:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "02F34464-B0E5-4D03-B5BD-79B46B8671A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:pro:*:*:*:*:*",
              "matchCriteriaId": "13FBAE6F-2EFF-447F-8392-ECB0FADD51D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:pro:*:*:*:*:*",
              "matchCriteriaId": "99970D48-98C0-44B4-803A-64D8A82E6823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:pro:*:*:*:*:*",
              "matchCriteriaId": "C805DC16-8660-4A9C-84A5-ADD108DA0509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:pro:*:*:*:*:*",
              "matchCriteriaId": "C6C99A6D-BE32-4634-9261-81E26983FB84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "685F1981-EA61-4A00-89F8-A748A88962F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000_advanced_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C83CA0-6BF9-4A9B-9078-ED0FEBE106A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000_advanced_server:sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75E7A74-DA7D-49D8-AF65-A96496F28542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000_advanced_server:sp2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD2C8535-5107-4772-AF13-EBC710C9254A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000_advanced_server:sp3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1392664E-9EBF-4009-9DC6-4A1327B5C77E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000_advanced_server:sp4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FEE2351-7780-4276-8259-F8B51A9057BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*",
              "matchCriteriaId": "480D8321-EB2F-4626-A16B-F3C2B771EDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F633513-6E9A-4F2D-964A-6AFDE5307AD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:*:*:*:*:*:*:*",
              "matchCriteriaId": "0095FE21-F45F-4D50-A22B-6AEF5ED4D691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3AF27C8-C2FA-477D-8332-B96277530B4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*",
              "matchCriteriaId": "709E6DA0-09F8-4EAB-B1B2-D4D0A7771AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AC387D-BB23-4EB9-A7DA-6E3F5CD8EFD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web_edition:*:*:*:*:*:*:*",
              "matchCriteriaId": "E296F83E-39E1-4DA0-A410-DDD17BDB3939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2000:none:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C01123-902E-4D3E-A752-30468074C859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2000:sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "484FF31A-2A02-4178-BBBD-9122823C6555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2000:sp2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E6E14CB-0248-483C-BCBB-490CF016B04B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2000:sp3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC091471-7FC0-4FA0-89DB-AEA9B600C631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:datacenter_sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09A3A431-9CB0-45F6-8E9E-84A445B117B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:enterprise_sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31390E94-0808-490A-B539-E46786CBC2CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:standard_sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "98B4B063-005F-4429-8CF9-402E24A7E420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:web_edition_sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E83E3F8C-E5C0-4616-81B7-9BFE4555B597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
              "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*",
              "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:pro:*:*:*:*:*",
              "matchCriteriaId": "19DA594E-B495-4C5D-BC94-79582D3983C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "ACF75FC8-095A-4EEA-9A41-C27CFF3953FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
              "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*",
              "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:pro:*:*:*:*:*",
              "matchCriteriaId": "E78E8FC4-9D64-4ADC-B318-55F4337B7EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*",
              "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:pro:*:*:*:*:*",
              "matchCriteriaId": "261215DA-7018-4CE5-B055-0935DF9089A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute."
    }
  ],
  "id": "CVE-2006-0005",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-02-14T19:06:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18852"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1015628"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/692060"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/16644"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-045A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2006/0575"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-006"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24493"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1559"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/692060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16644"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-045A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/0575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1559"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.