Release DateDec 12, 2006 |
Severitycritical |
ImpactDenial of Service and remote code execution. |
DescriptionThis indicates an attack attempt against a heap-based buffer overflow in Microsoft Windows Media Player (WMP).The vulnerability exists in the WMCheckURLScheme function in WMVCORE.DLL, which is part of WMP 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1. Remote attackers may exploit this to cause a denial-of-service condition, or to execute arbitrary code. |
Affected ProductsMicrosoft Windows Media Player 10.xMicrosoft Windows Media Player 6.x Microsoft Windows Media Player 7.x Microsoft Windows Media Player 8.x Microsoft Windows Media Player 9.x |
Recommended ActionsUpgrade to Windows Media Player 11 or apply patches. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-6134 |
Reference/shttp://technet.microsoft.com/en-us/security/bulletin/MS06-078.mspx (MS-ID)http://www.securityfocus.com/bid/21247 (BugTraq) |
