CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.1%
Added: 06/16/2006
CVE: CVE-2006-0025
BID: 18385
OSVDB: 26430
Windows Media Player is an audio and video media player for Windows platforms.
A buffer overflow in Windows Media Player allows command execution when a user opens a specially crafted PNG image file.
Apply the patch referenced in Microsoft Security Bulletin 06-024.
<http://www.kb.cert.org/vuls/id/608020>
<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=406>
Successful exploitation requires a user to download a PNG file and open it in Windows Media Player.
Execution of this exploit requires the Digest::CRC PERL module. On Linux systems this is typically found in a package named such as libdigest-crc-perl or perl-Digest-CRC.
Windows 2000