CVE-2006-0005
EXPLOITEDMicrosoft WMP <10 - RCE
Title source: llmDescription
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Matthew Murphy · perlremotewindows
https://www.exploit-db.com/exploits/1520
exploitdb
WORKING POC
VERIFIED
by H D Moore · remotewindows
https://www.exploit-db.com/exploits/1504
exploitdb
WORKING POC
VERIFIED
by Matthew Murphy · htmlremotewindows
https://www.exploit-db.com/exploits/1505
References (10)
Scores
EPSS
0.7552
EPSS Percentile
98.9%
Details
VulnCheck KEV
2010-05-01
CWE
CWE-119
Status
published
Products (25)
microsoft/windows_2000
(6 CPE variants)
microsoft/windows_2000_advanced_server
microsoft/windows_2000_advanced_server
sp1
microsoft/windows_2000_advanced_server
sp2
microsoft/windows_2000_advanced_server
sp3
microsoft/windows_2000_advanced_server
sp4
microsoft/windows_2003_server
datacenter_edition
microsoft/windows_2003_server
datacenter_edition_64-bit
microsoft/windows_2003_server
enterprise_edition
microsoft/windows_2003_server
enterprise_edition_64-bit
... and 15 more
Published
Feb 14, 2006
Tracked Since
Feb 18, 2026