Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-1905
Last Modified 07 Mar 2011 09:34:31
Published 20 Apr 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1905

Summary

Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.

Vulnerable Systems

Application

  • Xine 0.9.13

  • Xine 0.9.18

  • Xine 0.9.8

  • Xine 1 Alpha

  • Xine 1 Beta1

  • Xine 1 Beta10

  • Xine 1 Beta11

  • Xine 1 Beta12

  • Xine 1 Beta2

  • Xine 1 Beta3

  • Xine 1 Beta4

  • Xine 1 Beta5

  • Xine 1 Beta6

  • Xine 1 Beta7

  • Xine 1 Beta8

  • Xine 1 Beta9

  • Xine 1 Rc0

  • Xine 1 Rc0a

  • Xine 1 Rc1

  • Xine 1 Rc2

  • Xine 1 Rc3

  • Xine 1 Rc3a

  • Xine 1 Rc3b

  • Xine 1 Rc4

  • Xine 1 Rc5

  • Xine 1 Rc6

  • Xine 1 Rc6a

  • Xine 1 Rc7

  • Xine 1 Rc8

  • Xine 1.0

  • Xine 1.0.1


References

VUPEN - ADV-2006-1432

BID - 17579

BUGTRAQ - 20060418 Remote Xine Format String Vulnerability

XF - xine-playlist-format-string(25851)

OSVDB - 24747

SUSE - SUSE-SA:2006:025

MANDRIVA - MDKSA-2006:085

GENTOO - GLSA-200604-15

CONFIRM - http://sourceforge.net/mailarchive/message.php?msg_id=15429845

SECTRACK - 1015959

SECUNIA - 20066

SECUNIA - 19854

SECUNIA - 19671

MISC - http://open-security.org/advisories/16


Last Updated: 27 May 2016 10:42:15