Published: 14/02/2006 Updated: 30/04/2019

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 945

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote malicious users to execute arbitrary code via HTML with an EMBED element containing a long src attribute.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows-nt datacenter_server
microsoft windows xp -
microsoft windows 2000
microsoft windows 2003 server datacenter_edition_64-bit
microsoft windows 2003 server enterprise_edition
microsoft windows server 2000 sp2
microsoft windows server 2000 sp3
microsoft windows xp
microsoft windows 2000 -
microsoft windows-nt xp
microsoft windows-nt xp_tablet_pc
microsoft windows 2000 advanced server
microsoft windows 2003 server enterprise_edition_64-bit
microsoft windows 2003 server standard
microsoft windows server 2003 datacenter_sp1
microsoft windows server 2003 enterprise_sp1
microsoft windows 2000 advanced server sp4
microsoft windows 2003 server datacenter_edition
microsoft windows server 2000 none
microsoft windows server 2000 sp1
microsoft windows 2000 advanced server sp1
microsoft windows 2000 advanced server sp2
microsoft windows 2000 advanced server sp3
microsoft windows 2003 server standard_64-bit
microsoft windows 2003 server web_edition
microsoft windows server 2003 standard_sp1
microsoft windows server 2003 web_edition_sp1

#!/usr/bin/perl # # wmp-profiteerpl # Exploiting 'Non-Critical' Media Player Vulnerabilities for Fun and Profit # By Matthew Murphy (mattmurphy@kcrrcom) # # It's come to my attention that the HTML versions of the exploit posted on # several sites have become mangled Notables include SecuriTeam and FrSIRT # Neither one, though, can beat Securit ...

## # This file is part of the Metasploit Framework and may be redistributed # according to the licenses defined in the Authors field below In the # case of an unknown or missing license, this file defaults to the same # license as the core Framework (dual GPLv2 and Artistic) The latest # version of the Framework can always be obtained from metasp ...

<HTML> <HEAD> <TITLE>WMP Plugin EMBED Exploit</TITLE> <SCRIPT> // Windows Media Player Plug-In EMBED Overflow Universal Exploit (MS06-006) // By Matthew Murphy (mattmurphy@kcrrcom) // // DISCLAIMER: // // This exploit code is intended only as a demonstration tool for // educational or testing purposes It is not inte ...

CWE-119 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393 http://www.kb.cert.org/vuls/id/692060 http://www.us-cert.gov/cas/techalerts/TA06-045A.html http://www.securityfocus.com/bid/16644 http://securitytracker.com/id?1015628 http://secunia.com/advisories/18852 http://www.vupen.com/english/advisories/2006/0575 https://exchange.xforce.ibmcloud.com/vulnerabilities/24493 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1559 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-006 https://nvd.nist.gov https://www.exploit-db.com/exploits/1520/https://www.kb.cert.org/vuls/id/692060

CVE-2006-0005

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect