Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2004-0386
Last Modified 10 Sep 2008 03:26:11
Published 04 May 2004 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0386

Summary

Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.

Vulnerable Systems

Operating System

  • Gentoo Linux 0.5

  • Gentoo Linux 0.7

  • Gentoo Linux 1.1a

  • Gentoo Linux 1.2

  • Gentoo Linux 1.4

  • Mandrakesoft Mandrake Linux 10.0

  • Mandrakesoft Mandrake Linux 9.2

Application

  • Mplayer 0.90

  • Mplayer 0.90 Pre

  • Mplayer 0.90 Rc

  • Mplayer 0.91

  • Mplayer 1.0 Pre1

  • Mplayer 1.0 Pre2

  • Mplayer 1.0 Pre3


References

CERT-VN - VU#723910

XF - mplayer-header-bo(15675)

BID - 10008

BUGTRAQ - 20040330 Heap overflow in MPlayer

GENTOO - GLSA-200403-13

SECUNIA - 11259

BUGTRAQ - 20040330 MPlayer Security Advisory #002 - HTTP parsing vulnerability

CONFIRM - http://www.mplayerhq.hu/homepage/design6/news.html

MANDRAKE - MDKSA-2004:026


Last Updated: 27 May 2016 10:38:35