Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2006-6134 | First vendor Publication | 2006-11-27 |
| Vendor | Cve | Last vendor Modification | 2018-10-17 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6134 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:669 | |||
| Oval ID: | oval:org.mitre.oval:def:669 | ||
| Title: | Windows Media Format ASX Parsing Vulnerability | ||
| Description: | Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-6134 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Windows Media Format Runtime 7.1 Windows Media Format Runtime 9.0 Windows Media Format Runtime 9.5 |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 30819 | Microsoft Windows Media Player ASX Playlist Handling Overflow |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Windows Media Player ASF marker object parsing buffer overflow attempt RuleID : 9643 - Revision : 10 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows Media Player ASF codec list object parsing buffer overflow ... RuleID : 9642 - Revision : 10 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows Media Player ASF simple index object parsing buffer overflo... RuleID : 9641 - Revision : 10 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows Media Player ASX file ref href buffer overflow attempt RuleID : 9625 - Revision : 16 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows Media Player ASX file ref href buffer overflow attempt RuleID : 20653 - Revision : 8 - Type : FILE-MULTIMEDIA |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-12-12 | Name : Arbitrary code can be executed on the remote host through the Media Format Se... File : smb_nt_ms06-78.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:04:54 |
|
| 2021-04-22 01:05:31 |
|
| 2020-05-23 00:18:45 |
|
| 2019-03-18 12:01:30 |
|
| 2018-10-18 00:19:48 |
|
| 2018-10-13 00:22:35 |
|
| 2017-10-11 09:23:47 |
|
| 2016-04-26 15:20:57 |
|
| 2014-02-17 10:37:58 |
|
| 2014-01-19 21:23:40 |
|
| 2013-05-11 11:15:22 |
|
