Vulnerabilities > CVE-2004-1244 - Unspecified vulnerability in Microsoft Windows Media Player 9
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS05-009.NASL |
description | The remote host is running either Windows Media Player 9 or MSN Messenger. There is a vulnerability in the remote version of this software that could allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, one attacker would need to set up a rogue PNG image and send it to a victim on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16328 |
published | 2005-02-08 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16328 |
title | MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution (890261) |
code |
|
Oval
accepted 2008-02-25T04:00:05.690-05:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name John Hoyland organization Centennial Software name Robert L. Hollis organization ThreatGuard, Inc. name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard
description Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability." family windows id oval:org.mitre.oval:def:1306 status accepted submitted 2005-02-16T12:00:00.000-04:00 title Windows XP Media Player PNG Processing Vulnerability version 68 accepted 2008-02-25T04:00:07.189-05:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name John Hoyland organization Centennial Software name Robert L. Hollis organization ThreatGuard, Inc. name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard
description Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability." family windows id oval:org.mitre.oval:def:1568 status accepted submitted 2005-02-22T12:00:00.000-04:00 title Server 2003 Media Player PNG Processing Vulnerability version 68 accepted 2008-02-25T04:00:08.047-05:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name John Hoyland organization Centennial Software name Robert L. Hollis organization ThreatGuard, Inc. name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard name Jeff Cheng organization Hewlett-Packard
description Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability." family windows id oval:org.mitre.oval:def:2379 status accepted submitted 2005-02-22T12:00:00.000-04:00 title Windows 2000 Media Player PNG Processing Vulnerability version 68
References
- http://www.kb.cert.org/vuls/id/259890
- http://www.us-cert.gov/cas/techalerts/TA05-039A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19096
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1306
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1568
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2379