Microsoft created the Windows Media Player Plug-in so that users of non-Microsoft browsers, such as Firefox, could view embedded Windows Media format content once this optional plug-in is installed.
Unfortunately, due to an oversight in the coding of the plug-ins, a long embed src tag can be crafted so that it causes a buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, allowing remote code injection and execution, if either of these plug-ins is set up as the default application to handle media files.
Initially, this vulnerability was responsibly (privately) reported to Microsoft on 31 August 2005. Microsoft issued correcting patches on 14 February 2006, as noted in MS06-006, on the same day the exploit was announced publicly.
CVE-2006-0005