Vulnerabilities > CVE-2006-6261 - Remote Memory Corruption vulnerability in Quinnware Quintessential Player Playlist Files

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

microsoft

quinnware

critical

exploit available

NVD

Published: 2006-12-04

Updated: 2017-10-19

Summary

Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 2000 * Microsoft Windows 95 * Microsoft Windows 98 * Microsoft Windows ME * Microsoft Windows NT 4.0 Microsoft Windows XP *	6
Application	Quinnware Quinnware Quintessential Player *	1

Exploit-Db

description	Quintessential Player <= 4.50.1.82 (Playlist) Denial of Service PoC. CVE-2006-6261. Dos exploit for windows platform
file	exploits/windows/dos/2860.c
id	EDB-ID:2860
last seen	2016-01-31
modified	2006-11-28
platform	windows
port
published	2006-11-28
reporter	Greg Linares
source	https://www.exploit-db.com/download/2860/
title	Quintessential Player <= 4.50.1.82 Playlist Denial of Service PoC
type	dos

Summary

Vulnerable Configurations

Exploit-Db

References