search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Microsoft Windows Media Player PNG processing buffer overflow

Vulnerability Note VU#608020

Original Release Date: 2006-06-13 | Last Revised: 2006-06-13

Overview

Microsoft Windows Media Player contains a stack-based buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

Windows Media Player

Windows Media Player is a multimedia application that comes with Microsoft Windows.

The Problem

Windows Media Player fails to properly validate PNG image files (.png), potentially allowing a stack-based buffer overflow to occur.

For more information refer to Microsoft Security Bulletin MS06-024

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code. If the attacked user is running with administrative privileges, the attacker could take complete control of an affected system.

Solution

Apply a patch from Microsoft
Microsoft addresses this vulnerability with the updates listed in Microsoft Security Bulletin MS06-024.

For a list of workarounds refer to Microsoft Security Bulletin MS06-024.

Vendor Information

608020
 
Expand all

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

http://www.microsoft.com/technet/security/bulletin/ms06-024.mspx

Acknowledgements

This vulnerability was reported in Microsoft Security Bulletin MS06-024. Microsoft credits Greg MacManus of iDEFENSE with providing information related to this vulnerability.

This document was written by Jeff Gennari

Other Information

CVE IDs: CVE-2006-0025
Severity Metric: 40.72
Date Public: 2006-06-13
Date First Published: 2006-06-13
Date Last Updated: 2006-06-13 21:22 UTC
Document Revision: 17

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis