HTTP: Overlarge EMBED Tag Source

This signature detects overly long source attributes in <embed> tags. A malicious Web page can contain these tags in an attempt to crash the target's browser. Successful exploitation can lead to code execution.

Extended Description

The Microsoft Windows Media Player plugin for non-Microsoft browsers is prone to a buffer-overflow vulnerability. The plugin fails to perform proper bounds checks on user-supplied data before copying it into a fixed-size buffer. An attacker can exploit this issue to execute arbitrary code on the victim's computer in the context of the victim user, which may facilitate a compromise of the affected computer. This issue is exploitable only through non-Microsoft browsers that have the Media Player plugin installed. Possible browsers include Firefox 0.9 and later and Netscape 8; other browsers with the plugin installed may also be affected.

Affected Products

Microsoft windows_xp_media_center_edition

Short Name
HTTP:STC:EMBED-SRC-OF
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2006-0005 CVE-2008-4261 EMBED Overlarge Source Tag bid:16644 bid:32595
Release Date
02/14/2006
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3704
False Positive
Occasionally
Vendors

Microsoft

CVSS Score

9.3
