CVE-2006-0006

Microsoft Windows Media Player <10 - Buffer Overflow

Title source: llm

Description

Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.

Exploits (2)

exploitdb WORKING POC VERIFIED
by redsand · pythonremotewindows
https://www.exploit-db.com/exploits/1502
exploitdb WORKING POC VERIFIED
by ATmaCA · c++doswindows
https://www.exploit-db.com/exploits/1500

References (16)

Scores

EPSS 0.7163
EPSS Percentile 98.7%

Details

CWE
CWE-119
Status published
Products (9)
microsoft/windows_2000 (2 CPE variants)
microsoft/windows_2003_server r2
microsoft/windows_98
microsoft/windows_98se
microsoft/windows_me
microsoft/windows_media_player 7.1
microsoft/windows_media_player 9
microsoft/windows_media_player 10
microsoft/windows_xp (2 CPE variants)
Published Feb 14, 2006
Tracked Since Feb 18, 2026