Intrusion Prevention

MS.Windows.Media.Player.ASX.PlayList.File.Heap.Overflow

Description

This indicates an attack attempt against a heap-based buffer overflow in Microsoft Windows Media Player (WMP).
The vulnerability exists in the WMCheckURLScheme function in WMVCORE.DLL, which is part of WMP 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1. Remote attackers may exploit this to cause a denial-of-service condition, or to execute arbitrary code.

Affected Products

Microsoft Windows Media Player 10.x
Microsoft Windows Media Player 6.x
Microsoft Windows Media Player 7.x
Microsoft Windows Media Player 8.x
Microsoft Windows Media Player 9.x

Impact

Denial of Service and remote code execution.

Recommended Actions

Upgrade to Windows Media Player 11 or apply patches.

CVE References

CVE-2006-6134