Signature Detail

SMTP: BMP Malformed Header Buffer Overflow

This signature detects the e-mail transmission of a Windows Bitmap (.bmp) file containing a maliciously crafted header. Viewing this image in Windows Media Player can exploit a buffer overflow condition, leading to arbitrary code execution.

Extended Description

Microsoft Windows Media Player is prone to a remote buffer-overflow vulnerability. The vulnerability arises when the application handles a skin file containing a specially crafted bitmap image. This issue can also be triggered by just supplying a malicious bitmap to the application. Note, however, that Windows Media Player is not the default handler for bitmap files. A successful attack can corrupt process memory and result in arbitrary code execution. This may facilitate a remote compromise in the context of the vulnerable user.

Affected Products

• Microsoft Windows 98
• Microsoft Windows 98SE
• Microsoft Windows ME
• Microsoft Windows Media Player 10.0
• Microsoft Windows Media Player 7.1
• Microsoft Windows Media Player 8.0
• Microsoft Windows Media Player 9.0
• Nortel Networks CallPilot 1001rp
• Nortel Networks CallPilot 3.0.0
• Nortel Networks Contact Center
• Nortel Networks Contact Center Express
• Nortel Networks Contact Center Manager
• Nortel Networks Contact Center Multimedia
• Nortel Networks Contact Center Web Client
• Nortel Networks Enterprise Network Management System
• Nortel Networks IP Address Domain Manager
• Nortel Networks IP softphone 2050
• Nortel Networks MCS 5100 3.0.0
• Nortel Networks MCS 5200 3.0.0
• Nortel Networks Symposium Agent
• Nortel Networks Symposium TAPI Service Provider

References

• BugTraq: 16633
• CVE: CVE-2006-0006
• URL: http://www.microsoft.com/technet/security/bulletin/MS06-005.mspx
• URL: http://www.kb.cert.org/vuls/id/291396
• URL: http://www.us-cert.gov/cas/techalerts/TA06-045A.html