Vulnerabilities > CVE-2006-4131 - Multiple vulnerability in ArcSoft MMS Composer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description ArcSoft MMS Composer 1.5.5/2.0 Multiple Vulnerabilities. CVE-2006-4131. Remote exploits for multiple platform id EDB-ID:28368 last seen 2016-02-03 modified 2006-08-09 published 2006-08-09 reporter Collin R. Mulliner source https://www.exploit-db.com/download/28368/ title ArcSoft Mms Composer 1.5.5/2.0 - Multiple Vulnerabilities id EDB-ID:2156
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048614.html
- http://secunia.com/advisories/21426
- http://securityreason.com/securityalert/1387
- http://www.arcsoft.com/support/downloads/download_patches/mms.asp
- http://www.mulliner.org/pocketpc/CollinMulliner_defcon14_pocketpcphones.pdf
- http://www.securityfocus.com/archive/1/442841/100/0/threaded
- http://www.securityfocus.com/bid/19451
- http://www.vupen.com/english/advisories/2006/3261
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28342
- https://www.exploit-db.com/exploits/2156