Vulnerabilities > CVE-2006-6251 - Buffer Overflow vulnerability in VUPlayer M3U UNC Name
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long string in an M3U file, aka an "M3U UNC Name" attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description VUPlayer M3U Buffer Overflow. CVE-2006-6251. Local exploit for windows platform id EDB-ID:16617 last seen 2016-02-02 modified 2010-11-11 published 2010-11-11 reporter metasploit source https://www.exploit-db.com/download/16617/ title VUPlayer - M3U Buffer Overflow description VUPlayer. CVE-2006-6251. Remote exploit for windows platform file exploits/windows/remote/2870.rb id EDB-ID:2870 last seen 2016-01-31 modified 2006-11-30 platform windows port published 2006-11-30 reporter Greg Linares source https://www.exploit-db.com/download/2870/ title VUPlayer <= 2.44 - .M3U UNC Name Buffer Overflow Exploit meta type remote description VUPlayer. CVE-2006-6251. Local exploit for windows platform file exploits/windows/local/2872.c id EDB-ID:2872 last seen 2016-01-31 modified 2006-11-30 platform windows port published 2006-11-30 reporter Expanders source https://www.exploit-db.com/download/2872/ title VUPlayer <= 2.44 - .M3U UNC Name Buffer Overflow Exploit c type local
Metasploit
description | This module exploits a stack over flow in VUPlayer <= 2.49. When the application is used to open a specially crafted m3u file, an buffer is overwritten allowing for the execution of arbitrary code. |
id | MSF:EXPLOIT/WINDOWS/FILEFORMAT/VUPLAYER_M3U |
last seen | 2020-03-18 |
modified | 2020-01-15 |
published | 2009-10-16 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6251 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/vuplayer_m3u.rb |
title | VUPlayer M3U Buffer Overflow |
Packetstorm
data source https://packetstormsecurity.com/files/download/83073/vuplayer_m3u.rb.txt id PACKETSTORM:83073 last seen 2016-12-05 published 2009-11-26 reporter MC source https://packetstormsecurity.com/files/83073/VUPlayer-M3U-Buffer-Overflow.html title VUPlayer M3U Buffer Overflow data source https://packetstormsecurity.com/files/download/69182/vuplayer_bof.pl.txt id PACKETSTORM:69182 last seen 2016-12-05 published 2008-08-18 reporter LiquidWorm source https://packetstormsecurity.com/files/69182/vuplayer_bof.pl.txt.html title vuplayer_bof.pl.txt
References
- http://secunia.com/advisories/23182
- http://www.kb.cert.org/vuls/id/311192
- http://www.securityfocus.com/bid/21363
- http://www.vupen.com/english/advisories/2006/4783
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30629
- https://www.exploit-db.com/exploits/2870
- https://www.exploit-db.com/exploits/2872