ID CVE-2006-4702
Summary Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. If the end user has administrative rights, the attacker could take complete control of the affected system.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
CVSS
Base: 6.8 (as of 17-10-2018 - 21:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
oval via4
accepted 2015-12-22T12:30:00.000-05:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Dragos Prisaca
    organization G2, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Windows Media Player 6.4 is installed.
    oval oval:org.mitre.oval:def:6408
  • comment Windows Media Format Runtime 7.1 is installed
    oval oval:org.mitre.oval:def:29073
  • comment Windows Media Format Runtime 9.0 is installed
    oval oval:org.mitre.oval:def:29023
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Windows Media Format Runtime 9.5 is installed
    oval oval:org.mitre.oval:def:28835
  • comment Windows Media Format Runtime 9.5 is installed
    oval oval:org.mitre.oval:def:28835
  • comment Microsoft Windows Server 2003 is installed
    oval oval:org.mitre.oval:def:128
  • comment Windows Media Format Runtime 9.5 is installed
    oval oval:org.mitre.oval:def:28835
description Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
family windows
id oval:org.mitre.oval:def:536
status accepted
submitted 2006-12-13T08:17:04
title Windows Media Format ASF Parsing Vulnerability
version 78
refmap via4
bid 21505
cert TA06-346A
confirm http://support.avaya.com/elmodocs2/security/ASA-2006-274.htm
hp
  • HPSBST02180
  • SSRT061288
sectrack 1017372
Last major update 17-10-2018 - 21:39
Published 13-12-2006 - 01:28
Last modified 17-10-2018 - 21:39
Back to Top