Unrated severityNVD Advisory· Published Nov 28, 2006· Updated Apr 23, 2026

CVE-2006-6134

Description

Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.

Affected products

Microsoft/Windows Media Player
cpe:2.3:a:microsoft:windows_media_player:10.00.00.4036:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/21247nvdExploit
secunia.com/advisories/22971nvdVendor Advisory
www.vupen.com/english/advisories/2006/4882nvdVendor Advisory
www.kb.cert.org/vuls/id/208769nvdUS Government Resource
www.us-cert.gov/cas/techalerts/TA06-346A.htmlnvdUS Government Resource
blogs.technet.com/msrc/archive/2006/12/07/public-proof-of-concept-code-for-asx-file-format-isssue.aspxnvd
research.eeye.com/html/alerts/zeroday/20061122.htmlnvd
securityreason.com/securityalert/1922nvd
securitytracker.com/idnvd
support.avaya.com/elmodocs2/security/ASA-2006-274.htmnvd
www.securityfocus.com/archive/1/452352/100/0/threadednvd
www.securityfocus.com/archive/1/453579/100/0/threadednvd
www.securityfocus.com/archive/1/454969/100/200/threadednvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-078nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A669nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.059
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000