CVE-2004-0964

Zinf Audio Player 2.2.1 - '.pls' Stack Overflow (PoC)

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-09-28 First Exploit
2004-10-18 CVE Reserved
2004-10-20 CVE Published
2024-04-27 EPSS Updated
2024-08-08 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (13)

URL	Tag	Source
http://marc.info/?l=bugtraq&m=109608092609200&w=2	Mailing List
http://marc.info/?l=bugtraq&m=109638486728548&w=2	Mailing List
http://secunia.com/advisories/12656	Third Party Advisory
http://securityreason.com/securityalert/8341	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17491	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/7887	2009-01-27
https://www.exploit-db.com/exploits/16688	2010-11-24
https://www.exploit-db.com/exploits/559	2004-09-28
https://www.exploit-db.com/exploits/7888	2009-01-28
https://www.exploit-db.com/exploits/8267	2009-03-23
https://www.exploit-db.com/exploits/17600	2011-08-03
http://www.securityfocus.com/bid/11248	2024-08-08

URL	Date	SRC
http://www.debian.org/security/2004/dsa-587	2017-07-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zinf Search vendor "Zinf"		Zinf Search vendor "Zinf" for product "Zinf"				2.2.1 Search vendor "Zinf" for product "Zinf" and version "2.2.1"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		alpha		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		arm		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		hppa		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		ia-32		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		ia-64		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		m68k		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		mips		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		mipsel		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		ppc		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		s-390		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		sparc		Affected