Vulnerability Name: | CVE-2006-0720 (CCN-24740) | ||||||||
Assigned: | 2006-02-13 | ||||||||
Published: | 2006-02-13 | ||||||||
Updated: | 2018-10-19 | ||||||||
Summary: | Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. | ||||||||
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C) 6.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
4.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Mon Feb 13 2006 - 14:34:01 CST New winamp m3u/pls .WMA & .M3U Extension overflows Source: CCN Type: Full-Disclosure Mailing List, Thu Feb 16 2006 - 02:53:03 CST Winamp .m3u fun again ;) Source: MITRE Type: CNA CVE-2006-0708 Source: MITRE Type: CNA CVE-2006-0720 Source: CONFIRM Type: UNKNOWN http://forums.winamp.com/showthread.php?threadid=238648 Source: SREASON Type: UNKNOWN 476 Source: CCN Type: SECTRACK ID: 1015621 Winamp Buffer Overflow in Processing `.m3u` File Names May Let Remote Users Execute Arbitrary Code Source: CCN Type: SECTRACK ID: 1015675 Winamp Buffer Overflow in Processing `.m3u` Program Titles May Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: Patch 1015675 Source: CCN Type: Secway.org Advisory 2006.02.16 Winamp .m3u Remote Buffer Overflow Vulnerability (0day) Source: MISC Type: UNKNOWN http://www.nsfocus.com/english/homepage/research/0601.htm Source: CCN Type: OSVDB ID: 23525 Winamp m3u File Processing Stop/Pause Overflow Source: BUGTRAQ Type: UNKNOWN 20060223 NSFOCUS SA2006-01 : Winamp m3u File Processing Buffer Overflow Vulnerability Source: CCN Type: BID-16410 Nullsoft Winamp Malformed Playlist File Handling Remote Buffer Overflow Vulnerability Source: CCN Type: BID-16623 Nullsoft Winamp M3U File Denial of Service Vulnerability Source: BID Type: Patch 16785 Source: CCN Type: BID-16785 Nullsoft Winamp M3U File Processing Buffer Overflow Vulnerability Source: XF Type: UNKNOWN winamp-m3u-wma-bo(24740) Source: XF Type: UNKNOWN winamp-m3u-wma-bo(24740) Source: CCN Type: Packet Storm Security [06-16-2013] Winamp 5.12 Buffer Overflow Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [06-17-2013] | ||||||||
Vulnerable Configuration: | Configuration 1:![]() | ||||||||
BACK |