CVE-2006-0579

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple integer overflows in (1) the new_demux_packet function in demuxer.h and (2) the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.

Múltiples desbordamientos de enteros en (1) la función new_demux_packet en demuxer.h y (2) la función demux_asf_read_packet en demux_asf.c en MPlayer 1.0pre7try2 y anteriores permite a atacantes remotos ejecutar código de su elección mediante un fichero ASF con un valor de longitud de paquete grande. NOTA: la proveniencia de esta información es desconocida, parte de los detalles son obtenidos de información de terceras partes.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-02-08 CVE Reserved
2006-02-08 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
http://secunia.com/advisories/19114	Third Party Advisory
http://www.vupen.com/english/advisories/2006/0457	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/24531	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/18718	2017-07-20
http://www.gentoo.org/security/en/glsa/glsa-200603-03.xml	2017-07-20
http://www.mandriva.com/security/advisories?name=MDKSA-2006:048	2017-07-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mplayer Search vendor "Mplayer"		Mplayer Search vendor "Mplayer" for product "Mplayer"				<= 1.0_pre7try2 Search vendor "Mplayer" for product "Mplayer" and version " <= 1.0_pre7try2"		-		Affected