CVE-2006-0005 (CNNVD-200602-192)
CRITICAL
有利用代码
中文标题:
Microsoft Windows Media Player插件缓冲区溢出漏洞
英文标题:
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in brows...
CVSS分数:
9.3
发布时间:
2006-02-14 19:00:00
漏洞类型:
缓冲区错误
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v6
漏洞描述
中文描述:
Microsoft Windows Media Player是一款非常流行的媒体播放器。 Windows Media layer(WMP)可在流行的浏览器中作为插件启动以便用户浏览网页上的Windows Media Player文件类型。 Microsoft Windows Media Player插件实现上存在缓冲区溢出漏洞,在某些环境下,远程攻击者可能利用此漏洞在用户机器上执行任意指令。一些非IE的浏览器(如FireFox和Netscape)中,Windows Media Player插件中的漏洞可以被触发,IE及Opera浏览器不受此漏洞影响。如果上述浏览器浏览嵌入了超长src标签的恶意HTML页面并启动WMP插件的话,可以覆盖SEH地址导致在系统中执行任意指令。具体来说,漏洞存在于npdsplay.10001040,在这里用户提供的字符串被拷贝到了栈缓冲区中: 1000171A C1E9 02 SHR ECX,2 >> 1000171D F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] 1000171F 8BC8 MOV ECX,EAX
英文描述:
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.
CWE类型:
CWE-119
标签:
remote
windows
H D Moore
OSVDB-23132
MS06-006
Matthew Murphy
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| microsoft | windows-nt | datacenter_server | - | - |
cpe:2.3:o:microsoft:windows-nt:datacenter_server:*:*:*:*:*:*:*
|
| microsoft | windows-nt | xp | - | - |
cpe:2.3:o:microsoft:windows-nt:xp:sp2:home:*:*:*:*:*
|
| microsoft | windows-nt | xp_tablet_pc | - | - |
cpe:2.3:o:microsoft:windows-nt:xp_tablet_pc:*:*:*:*:*:*:*
|
| microsoft | windows_2000 | * | - | - |
cpe:2.3:o:microsoft:windows_2000:*:sp1:pro:*:*:*:*:*
|
| microsoft | windows_2000 | - | - | - |
cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
|
| microsoft | windows_2000_advanced_server | * | - | - |
cpe:2.3:o:microsoft:windows_2000_advanced_server:*:*:*:*:*:*:*:*
|
| microsoft | windows_2000_advanced_server | sp1 | - | - |
cpe:2.3:o:microsoft:windows_2000_advanced_server:sp1:*:*:*:*:*:*:*
|
| microsoft | windows_2000_advanced_server | sp2 | - | - |
cpe:2.3:o:microsoft:windows_2000_advanced_server:sp2:*:*:*:*:*:*:*
|
| microsoft | windows_2000_advanced_server | sp3 | - | - |
cpe:2.3:o:microsoft:windows_2000_advanced_server:sp3:*:*:*:*:*:*:*
|
| microsoft | windows_2000_advanced_server | sp4 | - | - |
cpe:2.3:o:microsoft:windows_2000_advanced_server:sp4:*:*:*:*:*:*:*
|
| microsoft | windows_2003_server | datacenter_edition | - | - |
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*
|
| microsoft | windows_2003_server | datacenter_edition_64-bit | - | - |
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*
|
| microsoft | windows_2003_server | enterprise_edition | - | - |
cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:*:*:*:*:*:*:*
|
| microsoft | windows_2003_server | enterprise_edition_64-bit | - | - |
cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*
|
| microsoft | windows_2003_server | standard | - | - |
cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*
|
| microsoft | windows_2003_server | standard_64-bit | - | - |
cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
|
| microsoft | windows_2003_server | web_edition | - | - |
cpe:2.3:o:microsoft:windows_2003_server:web_edition:*:*:*:*:*:*:*
|
| microsoft | windows_server_2000 | none | - | - |
cpe:2.3:o:microsoft:windows_server_2000:none:*:*:*:*:*:*:*
|
| microsoft | windows_server_2000 | sp1 | - | - |
cpe:2.3:o:microsoft:windows_server_2000:sp1:*:*:*:*:*:*:*
|
| microsoft | windows_server_2000 | sp2 | - | - |
cpe:2.3:o:microsoft:windows_server_2000:sp2:*:*:*:*:*:*:*
|
| microsoft | windows_server_2000 | sp3 | - | - |
cpe:2.3:o:microsoft:windows_server_2000:sp3:*:*:*:*:*:*:*
|
| microsoft | windows_server_2003 | datacenter_sp1 | - | - |
cpe:2.3:o:microsoft:windows_server_2003:datacenter_sp1:*:*:*:*:*:*:*
|
| microsoft | windows_server_2003 | enterprise_sp1 | - | - |
cpe:2.3:o:microsoft:windows_server_2003:enterprise_sp1:*:*:*:*:*:*:*
|
| microsoft | windows_server_2003 | standard_sp1 | - | - |
cpe:2.3:o:microsoft:windows_server_2003:standard_sp1:*:*:*:*:*:*:*
|
| microsoft | windows_server_2003 | web_edition_sp1 | - | - |
cpe:2.3:o:microsoft:windows_server_2003:web_edition_sp1:*:*:*:*:*:*:*
|
| microsoft | windows_xp | * | - | - |
cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
|
| microsoft | windows_xp | - | - | - |
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
ADV-2006-0575
vdb-entry
cve.org
访问
cve.org
16644
vdb-entry
cve.org
访问
cve.org
win-mediaplayer-plugin-embed-bo(24493)
vdb-entry
cve.org
访问
cve.org
1015628
vdb-entry
cve.org
访问
cve.org
VU#692060
third-party-advisory
cve.org
访问
cve.org
20060214 Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability
third-party-advisory
cve.org
访问
cve.org
MS06-006
vendor-advisory
cve.org
访问
cve.org
oval:org.mitre.oval:def:1559
vdb-entry
cve.org
访问
cve.org
TA06-045A
third-party-advisory
cve.org
访问
cve.org
18852
third-party-advisory
cve.org
访问
cve.org
ExploitDB EDB-1504
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-1504
EXPLOIT
exploitdb
访问
exploitdb
CVE Reference: CVE-2006-0005
ADVISORY
cve.org
访问
cve.org
ExploitDB EDB-1505
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-1505
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-1520
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-1520
EXPLOIT
exploitdb
访问
exploitdb
CVSS评分详情
9.3
CRITICAL
CVSS向量:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS版本:
2.0
机密性
COMPLETE
完整性
COMPLETE
可用性
COMPLETE
时间信息
发布时间:
2006-02-14 19:00:00
修改时间:
2024-08-07 16:18:20
创建时间:
2025-11-11 15:32:30
更新时间:
2025-11-11 16:09:01
利用信息
此漏洞有可利用代码!
利用代码数量:
3
利用来源:
未知
未知
未知
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2006-0005 |
2025-11-11 15:17:38 | 2025-11-11 07:32:30 |
| NVD | nvd_CVE-2006-0005 |
2025-11-11 14:51:47 | 2025-11-11 07:41:16 |
| CNNVD | cnnvd_CNNVD-200602-192 |
2025-11-11 15:08:50 | 2025-11-11 07:49:04 |
| EXPLOITDB | exploitdb_EDB-1504 |
2025-11-11 15:05:57 | 2025-11-11 08:08:48 |
| EXPLOITDB | exploitdb_EDB-1505 |
2025-11-11 15:05:57 | 2025-11-11 08:08:48 |
| EXPLOITDB | exploitdb_EDB-1520 |
2025-11-11 15:05:57 | 2025-11-11 08:09:01 |
版本与语言
当前版本:
v6
主要语言:
EN
支持语言:
EN
ZH
其他标识符:
:
:
:
:
:
:
安全公告
暂无安全公告信息
变更历史
v6
EXPLOITDB
2025-11-11 16:09:01
references_count: 15 → 17
查看详细变更
- references_count: 15 -> 17
v5
EXPLOITDB
2025-11-11 16:08:48
references_count: 13 → 15; tags_count: 5 → 6
查看详细变更
- references_count: 13 -> 15
- tags_count: 5 -> 6
v4
EXPLOITDB
2025-11-11 16:08:48
references_count: 10 → 13; tags_count: 0 → 5; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- references_count: 10 -> 13
- tags_count: 0 -> 5
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
v3
CNNVD
2025-11-11 15:49:04
vulnerability_type: 未提取 → 缓冲区错误; cnnvd_id: 未提取 → CNNVD-200602-192; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 缓冲区错误
- cnnvd_id: 未提取 -> CNNVD-200602-192
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:41:16
severity: SeverityLevel.MEDIUM → SeverityLevel.CRITICAL; cvss_score: 未提取 → 9.3; cvss_vector: NOT_EXTRACTED → AV:N/AC:M/Au:N/C:C/I:C/A:C; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 27; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
- cvss_score: 未提取 -> 9.3
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:M/Au:N/C:C/I:C/A:C
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 27
- data_sources: ['cve'] -> ['cve', 'nvd']