Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2910

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2910
Last Modified 07 Mar 2011 09:37:17
Published 05 Jul 2006 02:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2910

Summary

Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other versions, allows user-assisted attackers to execute arbitrary code via an audio file (such as WMA) with long ID Tag values including (1) Title, (2) Author, and (3) Album, which triggers the overflow in the tooltip display string if the sound card driver is disabled or incorrectly installed.

Vulnerable Systems

Application

  • Cowon America Jetaudio Basic 6.2.6.8330


References

XF - jetaudio-tooltip-idtag-bo(27593)

VUPEN - ADV-2006-2667

BID - 18825

MISC - http://secunia.com/secunia_research/2006-45/advisory/

SECUNIA - 19456


Last Updated: 27 May 2016 10:42:48