[Microsoft Alert] Microsoft Security Bulletin MS06-006

Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)

Issued: February 14, 2006

Version: 1.0

 

Summary

Who should read this document: Customers who use a Microsoft Windows Media Player plug-in for non-Microsoft Internet browsers

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Recommendation: Customers should apply the update at the earliest opportunity

Security Update Replacement: None

 

Vulnerability Details:

A remote code execution vulnerability exists in the Windows Media Player plug-in for non-Microsoft Internet browsers because of the way the Windows Media Player plug-in handles a malformed EMBED element. An attacker could exploit the vulnerability by constructing a malicious EMBED element that could potentially allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

 

Affected Software:

Microsoft Windows 2000 Service Pack 4

 

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

 

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

 

Microsoft Windows XP Professional x64 Edition

 

Microsoft Windows Server 2003 x64 Edition

 

 

 

References: http://www.microsoft.com/security/bulletins/current.mspx (Microsoft Security Updates)<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

---