Vulnerability Bulletins |
Buffer overflow in Windows Media Player |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Beginner |
Required attacker level | Remote access without an account to an exotic service |
System information |
|
Property | Value |
Affected manufacturer | Microsoft |
Affected software |
Windows Media Player 7.1, Windows Media Player 9, Windows Media Player 10 |
Description |
|
A buffer overflow vulnerability has been discovered in Windows Media Player 7.1, 9 and 10. The vulnerability lies in the handling of bitmap (.BMP) files. A remote attacker could execute arbitrary code by means of a specially crafted .bmp file. |
|
Solution |
|
Software update:
Microsoft Windows Media Player for XP / Microsoft Windows XP SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=110054F2-244D-4036-B98C-E951CBA7E9BA
Windows Media Player 9 / Microsoft Windows XP SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=8F9EEF16-04F7-4DA8-A0EF-1797B52D0B4B
Windows Media Player 9 / Microsoft Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=8F9EEF16-04F7-4DA8-A0EF-1797B52D0B4B
Microsoft Windows Media Player 7.1 / Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=26A0B9E1-1242-4E55-B3D4-8377B83257C6
Microsoft Windows Media Player 9 / Windows 2000 SP4, Windows XP SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=8F9EEF16-04F7-4DA8-A0EF-1797B52D0B4B
Microsoft Windows Media Player 10 / Windows XP SP1, SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=182735E1-9382-4F2E-A624-D2316A96B411 |
|
Standard resources |
|
Property | Value |
CVE | CVE-2006-0006 |
BID | |
Other resources |
|
Microsoft Security Bulletin (MS06-005): http://www.microsoft.com/technet/security/Bulletin/MS06-005.mspx
Microsoft Security Bulletin (MS06-024): http://www.microsoft.com/technet/security/Bulletin/MS06-024.mspx |
Version history |
|
Version | Comments | Date |
1.0 | Advisory issued | 2006-02-15 |
2.0 | Public exploit available | 2006-02-21 |
2.1 | Advisory issued by Microsoft (MS06-024) | 2006-06-23 |