Signature Detail

HTTP: Windows Media Player Media File Handling Denial of Service

This signature detects attempts to exploit a known vulnerability against Windows Media Player version 10.00.00.4036. A successful attack can result in a denial-of-service condition.

Extended Description

Multiple applications are prone to a denial-of-service vulnerability. A remote attacker may exploit this vulnerability by presenting malicious 'WMV', 'MID', and 'AVI' files to a victim user. When an affected application processes this image, the application crashes, effectively denying service. It is not known at this time if this issue can be leveraged to execute arbitrary code; this BID will be updated as further information becomes available.

Affected Products

• Microsoft Windows 2000 Advanced Server SP4
• Microsoft Windows 2000 Datacenter Server SP4
• Microsoft Windows 2000 Professional SP4
• Microsoft Windows 2000 Server SP4
• Microsoft Windows Explorer
• Microsoft Windows Media Player 10.0
• Microsoft Windows Media Player 6.4
• Microsoft Windows XP Home SP2
• Microsoft Windows XP Media Center Edition SP2
• Microsoft Windows XP Professional SP2
• Microsoft Windows XP Tablet PC Edition SP2
• NullSoft Winamp 5.0.0 1
• NullSoft Winamp 5.0.0 2
• NullSoft Winamp 5.0.0 3
• NullSoft Winamp 5.0.0 3A
• NullSoft Winamp 5.0.0 4
• NullSoft Winamp 5.0.0 5
• NullSoft Winamp 5.0.0 6
• NullSoft Winamp 5.0.0 7
• NullSoft Winamp 5.0.0 8
• NullSoft Winamp 5.0.0 8C
• NullSoft Winamp 5.0.0 9
• NullSoft Winamp 5.0.0 91
• NullSoft Winamp 5.094
• NullSoft Winamp 5.11
• NullSoft Winamp 5.12
• NullSoft Winamp 5.13
• NullSoft Winamp 5.2
• NullSoft Winamp 5.21
• NullSoft Winamp 5.22
• NullSoft Winamp 5.24
• NullSoft Winamp 5.3
• NullSoft Winamp 5.31

References

• BugTraq: 21612
• CVE: CVE-2006-6601