Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.

The remote host is running Microsoft Windows Media Player version 9.  There is a vulnerability in the remote version of this software that may allow an attacker to execute arbitrary code on the remote host.  To exploit this flaw, an attacker would need to be able to convince a user to open a malicious media resource using the vulnerable player.

The remote host is running Microsoft Media Player version 10.  There is a vulnerability in the remote version of this software that may allow an attacker to execute arbitrary code on the remote host.  To exploit this flaw, one attacker would need to be able to convince a user to open a malicious media resource using the vulnerable player.

The remote host is running Windows Media Player.

There is a vulnerability in the remote version of this software that could allow an attacker to execute arbitrary code on the remote host.

To exploit this flaw, one attacker would need to set up a rogue PNG image and send it to a victim on the remote host.

ID	Name	Product	Family	Severity
3651	Microsoft Windows Media Player PBG File Processing Overflow (917734)	Nessus Network Monitor	Generic	medium
3650	Microsoft Windows Media Player PNG Processing Overflow (917734)	Nessus Network Monitor	Generic	medium
21688	MS06-024: Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)	Nessus	Windows : Microsoft Bulletins	high

Detections

Analytics

CVE-2006-0025

high

Tenable Plugins

medium

medium

high