OSVDB ID: 26430

Title: Microsoft Windows Media Player PNG Processing Overflow

Info

Dates

Disclosure: Jun 13, 2006
Discovery: Feb 22, 2006
Exploit: Jun 16, 2006
Solution: Jul 19, 2006

Description

A remote overflow exists in Windows Media Player. The program fails to validate PNG image files, resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Commercial
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability in versions 9, 10 and XP. There is no current update for Windows 98, 98 SE or ME.

Products

Microsoft Corporation

Windows Media Player: 9, 10, for XP, 7.1
Windows: 98, 98 SE, ME

References

Credit

  • Greg MacManus - iDEFENSE Labs


Direct URL: http://osvdb.org/26430