MitreCVE-2006-0476

HistoryJan 31, 2006 - 11:03 a.m.

CVE-2006-0476

2006-01-3111:03:00

mitre

web.nvd.nist.gov

cve-2006-0476

buffer overflow

nullsoft winamp

5.12

remote execution

arbitrary code

pls file

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.776

Percentile

98.2%

JSON

Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).

Affected configurations

Nvd

Node

nullsoftwinampMatch5.12

VendorProductVersionCPE
nullsoftwinamp5.12cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nullsoft	winamp	5.12	cpe:2.3:a:nullsoft:winamp:5.12:::::::*

References

secunia.com/advisories/18649

securityreason.com/securityalert/386

securityreason.com/securityalert/398

securitytracker.com/id?1015552

www.heise.de/newsticker/meldung/68981

www.kb.cert.org/vuls/id/604745

www.osvdb.org/22789

www.securityfocus.com/archive/1/423436/100/0/threaded

www.securityfocus.com/archive/1/423548/100/0/threaded

www.securityfocus.com/bid/16410

www.us-cert.gov/cas/techalerts/TA06-032A.html

www.vupen.com/english/advisories/2006/0361

www.winamp.com/player/version_history.php

exchange.xforce.ibmcloud.com/vulnerabilities/24361

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1402

www.exploit-db.com/exploits/3422

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.776

Percentile

98.2%

JSON

Related for CVE-2006-0476