Microsoft Windows Media Player BMP Handling Buffer Overflow Exploit Hits the Web
If you haven't patched yet, boys and girls, you probably should. Technical Description
Exploit announcement via FrSIRT.
Advisory here.
Advisory ID : FrSIRT/ADV-2006-0574
CVE ID : CVE-2006-0006
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-02-14
A vulnerability has been identified in Microsoft Windows Media Player, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a buffer overflow error in the bitmap (.bmp) image parsing function that fails to properly handle malformed files, which could be exploited by attackers to take complete control of the affected system by convincing a user to visit a specially crafted web site or open a malicious Word document containing a malformed Windows Media Player (.wmp) image.
http://www.frsirt.com/exploits/20060215.wmp-ms06-005.cpp.php
0 Comments:
Post a Comment
<< Home