CVE-2006-0006

Published Feb 14, 2006

Last updated 6 years ago

CVSS info 9.3

Overview

Description: Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
Source: secure@microsoft.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:windows_media_player:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C66EBE04-CE6A-4B81-BC09-60DC5DB121E3"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3778BBD3-6C58-46DF-B1EB-ED02513CA8D6"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:windows_media_player:10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C28602CC-7866-4C30-B518-055923599A18"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References