search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft Windows Media Player PNG processing buffer overflow

Vulnerability Note VU#608020

Original Release Date: 2006-06-13 | Last Revised: 2006-06-13


Microsoft Windows Media Player contains a stack-based buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.


Windows Media Player

Windows Media Player is a multimedia application that comes with Microsoft Windows.

The Problem

Windows Media Player fails to properly validate PNG image files (.png), potentially allowing a stack-based buffer overflow to occur.

For more information refer to Microsoft Security Bulletin MS06-024


A remote, unauthenticated attacker may be able to execute arbitrary code. If the attacked user is running with administrative privileges, the attacker could take complete control of an affected system.


Apply a patch from Microsoft
Microsoft addresses this vulnerability with the updates listed in Microsoft Security Bulletin MS06-024.

For a list of workarounds refer to Microsoft Security Bulletin MS06-024.

Vendor Information


Microsoft Corporation Affected

Updated:  June 13, 2006



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Please see MS06-024.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



This vulnerability was reported in Microsoft Security Bulletin MS06-024. Microsoft credits Greg MacManus of iDEFENSE with providing information related to this vulnerability.

This document was written by Jeff Gennari

Other Information

CVE IDs: CVE-2006-0025
Severity Metric: 40.72
Date Public: 2006-06-13
Date First Published: 2006-06-13
Date Last Updated: 2006-06-13 21:22 UTC
Document Revision: 17

Sponsored by CISA.