| ID |
CVE-2006-4702
|
| Summary |
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. If the end user has administrative rights, the attacker could take complete control of the affected system. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
|
| CVSS |
| Base: | 6.8 (as of 17-10-2018 - 21:39) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| oval
via4
|
| accepted | 2015-12-22T12:30:00.000-05:00 | | class | vulnerability | | contributors | | name | Robert L. Hollis | | organization | ThreatGuard, Inc. |
| name | Jonathan Baker | | organization | The MITRE Corporation |
| name | Dragos Prisaca | | organization | G2, Inc. |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| | definition_extensions | | comment | Windows Media Player 6.4 is installed. | | oval | oval:org.mitre.oval:def:6408 |
| comment | Windows Media Format Runtime 7.1 is installed | | oval | oval:org.mitre.oval:def:29073 |
| comment | Windows Media Format Runtime 9.0 is installed | | oval | oval:org.mitre.oval:def:29023 |
| comment | Microsoft Windows XP SP2 or later is installed | | oval | oval:org.mitre.oval:def:521 |
| comment | Windows Media Format Runtime 9.5 is installed | | oval | oval:org.mitre.oval:def:28835 |
| comment | Windows Media Format Runtime 9.5 is installed | | oval | oval:org.mitre.oval:def:28835 |
| comment | Microsoft Windows Server 2003 is installed | | oval | oval:org.mitre.oval:def:128 |
| comment | Windows Media Format Runtime 9.5 is installed | | oval | oval:org.mitre.oval:def:28835 |
| | description | Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. | | family | windows | | id | oval:org.mitre.oval:def:536 | | status | accepted | | submitted | 2006-12-13T08:17:04 | | title | Windows Media Format ASF Parsing Vulnerability | | version | 78 |
|
| refmap
via4
|
|
| Last major update |
17-10-2018 - 21:39 |
| Published |
13-12-2006 - 01:28 |
| Last modified |
17-10-2018 - 21:39 |
