Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2200

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2200
Last Modified 02 Aug 2011 12:00:00
Published 27 Jun 2006 09:45:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2200

Summary

Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.

Vulnerable Systems

Application

  • Mimms 0.0.9

  • Xine-lib 1.1.0


References

VUPEN - ADV-2006-2487

UBUNTU - USN-315-1

UBUNTU - USN-309-1

BID - 18608

MANDRIVA - MDKSA-2006:121

MANDRIVA - MDKSA-2006:117

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=468432

SLACKWARE - SSA:2006-357-05

GENTOO - GLSA-200607-07

SECUNIA - 23512

SECUNIA - 23218

SECUNIA - 21139

SECUNIA - 21036

SECUNIA - 21023

SECUNIA - 20964

SECUNIA - 20948

SECUNIA - 20749

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577


Last Updated: 27 May 2016 10:42:22