CVE-2006-0005

EPSS 82.19%
Published 14.02.2006 19:06:00
Last modified 03.04.2025 01:03:51
Source secure@microsoft.com
Teams watchlist Login
Open Login

Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows-nt Versiondatacenter_server

Microsoft ≫ Windows-nt Versiondatacenter_server Updatesp1

Microsoft ≫ Windows-nt Versiondatacenter_server Updatesp2

Microsoft ≫ Windows-nt Versiondatacenter_server Updatesp3

Microsoft ≫ Windows-nt Versiondatacenter_server Updatesp4

Microsoft ≫ Windows-nt Versionxp Updatesp2 Editionhome

Microsoft ≫ Windows-nt Versionxp_tablet_pc

Microsoft ≫ Windows-nt Versionxp_tablet_pc Updatesp1

Microsoft ≫ Windows-nt Versionxp_tablet_pc Updatesp2

Microsoft ≫ Windows 2000 Updatesp1 Editionpro

Microsoft ≫ Windows 2000 Updatesp2 Editionpro

Microsoft ≫ Windows 2000 Updatesp3 Editionpro

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Windows 2000 Updatesp4 Editionpro

Microsoft ≫ Windows 2000 Version-

Microsoft ≫ Windows 2000 Advanced Server

Microsoft ≫ Windows 2000 Advanced Server Versionsp1

Microsoft ≫ Windows 2000 Advanced Server Versionsp2

Microsoft ≫ Windows 2000 Advanced Server Versionsp3

Microsoft ≫ Windows 2000 Advanced Server Versionsp4

Microsoft ≫ Windows 2003 Server Versiondatacenter_edition

Microsoft ≫ Windows 2003 Server Versiondatacenter_edition_64-bit

Microsoft ≫ Windows 2003 Server Versionenterprise_edition

Microsoft ≫ Windows 2003 Server Versionenterprise_edition_64-bit

Microsoft ≫ Windows 2003 Server Versionstandard

Microsoft ≫ Windows 2003 Server Versionstandard_64-bit

Microsoft ≫ Windows 2003 Server Versionweb_edition

Microsoft ≫ Windows Server 2000 Versionnone

Microsoft ≫ Windows Server 2000 Versionsp1

Microsoft ≫ Windows Server 2000 Versionsp2

Microsoft ≫ Windows Server 2000 Versionsp3

Microsoft ≫ Windows Server 2003 Versiondatacenter_sp1

Microsoft ≫ Windows Server 2003 Versionenterprise_sp1

Microsoft ≫ Windows Server 2003 Versionstandard_sp1

Microsoft ≫ Windows Server 2003 Versionweb_edition_sp1

Microsoft ≫ Windows Xp Editionhome

Microsoft ≫ Windows Xp Editionmedia_center

Microsoft ≫ Windows Xp Editionpro

Microsoft ≫ Windows Xp Editionx64

Microsoft ≫ Windows Xp Updatesp1 Editionhome

Microsoft ≫ Windows Xp Updatesp1 Editionmedia_center

Microsoft ≫ Windows Xp Updatesp1 Editionpro

Microsoft ≫ Windows Xp Updatesp2 Editionmedia_center

Microsoft ≫ Windows Xp Updatesp2 Editionpro

Microsoft ≫ Windows Xp Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	82.19%	0.992

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.us-cert.gov/cas/techalerts/TA06-045A.html

US Government Resource

http://secunia.com/advisories/18852

Vendor Advisory

http://securitytracker.com/id?1015628

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393

http://www.kb.cert.org/vuls/id/692060

US Government Resource

http://www.securityfocus.com/bid/16644

http://www.vupen.com/english/advisories/2006/0575

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-006

https://exchange.xforce.ibmcloud.com/vulnerabilities/24493

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1559

https://nvd.nist.gov/vuln/detail/CVE-2006-0005

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0005

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0005

EUVD