Vulnerability Note VU#608020

Microsoft Windows Media Player PNG processing buffer overflow

Original Release date: 13 Jun 2006 | Last revised: 13 Jun 2006

Overview

Microsoft Windows Media Player contains a stack-based buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

Windows Media Player

Windows Media Player is a multimedia application that comes with Microsoft Windows.

The Problem

Windows Media Player fails to properly validate PNG image files (.png), potentially allowing a stack-based buffer overflow to occur.

For more information refer to Microsoft Security Bulletin MS06-024

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code. If the attacked user is running with administrative privileges, the attacker could take complete control of an affected system.

Solution

Apply a patch from Microsoft
Microsoft addresses this vulnerability with the updates listed in Microsoft Security Bulletin MS06-024.

For a list of workarounds refer to Microsoft Security Bulletin MS06-024.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected-13 Jun 2006
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was reported in Microsoft Security Bulletin MS06-024. Microsoft credits Greg MacManus of iDEFENSE with providing information related to this vulnerability.

This document was written by Jeff Gennari

Other Information

  • CVE IDs: CVE-2006-0025
  • Date Public: 13 Jun 2006
  • Date First Published: 13 Jun 2006
  • Date Last Updated: 13 Jun 2006
  • Severity Metric: 40.72
  • Document Revision: 16

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.