Signature Detail

HTTP: Windows Media Player BMP Overflow (1)

This signature detects malformed BMP's opened by Windows Media Player. Versions 10 and prior are vulnerable. Attackers, who convince a user to open a malicious Web page or file, can cause a buffer overflow leading to arbitrary code execution with the user's privileges.

Extended Description

Microsoft Windows Media Player is prone to a remote buffer-overflow vulnerability. The vulnerability arises when the application handles a skin file containing a specially crafted bitmap image. This issue can also be triggered by just supplying a malicious bitmap to the application. Note, however, that Windows Media Player is not the default handler for bitmap files. A successful attack can corrupt process memory and result in arbitrary code execution. This may facilitate a remote compromise in the context of the vulnerable user.

Affected Products

• Microsoft Windows 98
• Microsoft Windows 98SE
• Microsoft Windows ME
• Microsoft Windows Media Player 10.0
• Microsoft Windows Media Player 7.1
• Microsoft Windows Media Player 8.0
• Microsoft Windows Media Player 9.0
• Nortel Networks CallPilot 1001rp
• Nortel Networks CallPilot 3.0.0
• Nortel Networks Contact Center
• Nortel Networks Contact Center Express
• Nortel Networks Contact Center Manager
• Nortel Networks Contact Center Multimedia
• Nortel Networks Contact Center Web Client
• Nortel Networks Enterprise Network Management System
• Nortel Networks IP Address Domain Manager
• Nortel Networks IP softphone 2050
• Nortel Networks MCS 5100 3.0.0
• Nortel Networks MCS 5200 3.0.0
• Nortel Networks Symposium Agent
• Nortel Networks Symposium TAPI Service Provider

References

• BugTraq: 16633
• CVE: CVE-2006-0006