Vulnerability Details CVE-2006-0005
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.718
EPSS Ranking 98.6%
CVSS Severity
CVSS v2 Score 9.3
References
- http://secunia.com/advisories/18852
- http://securitytracker.com/id?1015628
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393
- http://www.kb.cert.org/vuls/id/692060
- http://www.securityfocus.com/bid/16644
- http://www.us-cert.gov/cas/techalerts/TA06-045A.html
- http://www.vupen.com/english/advisories/2006/0575
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-006
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24493
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1559
- http://secunia.com/advisories/18852
- http://securitytracker.com/id?1015628
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393
- http://www.kb.cert.org/vuls/id/692060
- http://www.securityfocus.com/bid/16644
- http://www.us-cert.gov/cas/techalerts/TA06-045A.html
- http://www.vupen.com/english/advisories/2006/0575
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-006
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24493
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1559
Products affected by CVE-2006-0005
-
cpe:2.3:o:microsoft:windows-nt:datacenter_server
-
cpe:2.3:o:microsoft:windows-nt:xp
-
cpe:2.3:o:microsoft:windows-nt:xp_tablet_pc
-
cpe:2.3:o:microsoft:windows_2000:*
-
cpe:2.3:o:microsoft:windows_2000:-
-
cpe:2.3:o:microsoft:windows_2000_advanced_server:*
-
cpe:2.3:o:microsoft:windows_2000_advanced_server:sp1
-
cpe:2.3:o:microsoft:windows_2000_advanced_server:sp2
-
cpe:2.3:o:microsoft:windows_2000_advanced_server:sp3
-
cpe:2.3:o:microsoft:windows_2000_advanced_server:sp4
-
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition
-
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit
-
cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition
-
cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit
-
cpe:2.3:o:microsoft:windows_2003_server:standard
-
cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit
-
cpe:2.3:o:microsoft:windows_2003_server:web_edition
-
cpe:2.3:o:microsoft:windows_server_2000:none
-
cpe:2.3:o:microsoft:windows_server_2000:sp1
-
cpe:2.3:o:microsoft:windows_server_2000:sp2
-
cpe:2.3:o:microsoft:windows_server_2000:sp3
-
cpe:2.3:o:microsoft:windows_server_2003:datacenter_sp1
-
cpe:2.3:o:microsoft:windows_server_2003:enterprise_sp1
-
cpe:2.3:o:microsoft:windows_server_2003:standard_sp1
-
cpe:2.3:o:microsoft:windows_server_2003:web_edition_sp1
-
cpe:2.3:o:microsoft:windows_xp:*
-
cpe:2.3:o:microsoft:windows_xp:-