Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0720

Overview

Vulnerability Score 7.6 7.6
CVE Id CVE-2006-0720
Last Modified 05 Sep 2008 05:00:02
Published 23 Feb 2006 04:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-0720

Summary

Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.

Vulnerable Systems

Application

  • Nullsoft Winamp 5.12

  • Nullsoft Winamp 5.13


References

BID - 16785

SECTRACK - 1015675

BUGTRAQ - 20060223 NSFOCUS SA2006-01 : Winamp m3u File Processing Buffer Overflow Vulnerability

MISC - http://www.nsfocus.com/english/homepage/research/0601.htm

CONFIRM - http://forums.winamp.com/showthread.php?threadid=238648

XF - winamp-m3u-wma-bo(24740)

SREASON - 476


Last Updated: 27 May 2016 10:41:46