CVE-2004-0386 : Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.

Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.

Published 2004-05-04 04:00:00

Updated 2017-07-11 01:30:07

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2004-0386

Mandrakesoft » Mandrake Linux » Version: 10.0
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
Matching versions
Mandrakesoft » Mandrake Linux » Version: 9.2
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
Matching versions
Gentoo » Linux » Version: 1.4 Update RC2
cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*
Matching versions
Gentoo » Linux » Version: 1.4 Update RC1
cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*
Matching versions
Gentoo » Linux » Version: 1.2
cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*
Matching versions
Gentoo » Linux » Version: 0.5
cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*
Matching versions
Gentoo » Linux » Version: 0.7
cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*
Matching versions
Gentoo » Linux » Version: 1.1a
cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*
Matching versions
Gentoo » Linux » Version: 1.4 Update RC3
cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*
Matching versions
Gentoo » Linux » Version: 1.4
cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 1.0 Pre1
cpe:2.3:a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 0.91
cpe:2.3:a:mplayer:mplayer:0.91:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 0.90
cpe:2.3:a:mplayer:mplayer:0.90:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 0.90 Pre
cpe:2.3:a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 0.90 Rc
cpe:2.3:a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 1.0 Pre2
cpe:2.3:a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 1.0 Pre3
cpe:2.3:a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-0386

EPSS FAQ

62.98%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-0386

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2004-0386

http://security.gentoo.org/glsa/glsa-200403-13.xml

Remote buffer overflow in MPlayer (GLSA 200403-13) — Gentoo security
Patch;Vendor Advisory
http://www.securityfocus.com/bid/10008

Exploit;Patch
http://www.kb.cert.org/vuls/id/723910

VU#723910 - MPlayer contains a buffer overflow in the HTTP parser
Patch;Third Party Advisory;US Government Resource
http://marc.info/?l=bugtraq&m=108067020624076&w=2

'MPlayer Security Advisory #002 - HTTP parsing vulnerability' - MARC
http://www.mandriva.com/security/advisories?name=MDKSA-2004:026

Mandriva
http://www.securityfocus.com/archive/1/359025

Patch;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15675

MPlayer header buffer overflow CVE-2004-0386 Vulnerability Report
http://www.mplayerhq.hu/homepage/design6/news.html

404 Not Found

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2004-0386

Products affected by CVE-2004-0386

Exploit prediction scoring system (EPSS) score for CVE-2004-0386

CVSS scores for CVE-2004-0386

References for CVE-2004-0386