Vulnerability Details : CVE-2006-2465
Potential exploit
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.
Vulnerability category: OverflowExecute code
Products affected by CVE-2006-2465
- cpe:2.3:a:mp3info:mp3info:0.8.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-2465
26.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-2465
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
References for CVE-2006-2465
-
http://packetstormsecurity.com/files/124955/Mp3info-Stack-Buffer-Overflow.html
Mp3info Stack Buffer Overflow ≈ Packet Storm
-
http://www.exploit-db.com/exploits/32358
MP3Info 0.8.5a - Local Buffer Overflow (SEH) - Windows local Exploit
-
http://packetstormsecurity.com/files/125786/MP3Info-0.8.5-SEH-Buffer-Overflow.html
MP3Info 0.8.5 SEH Buffer Overflow ≈ Packet Storm
-
http://securitytracker.com/id?1016108
Access Denied
-
http://www.securityfocus.com/bid/18016
-
http://www.securiteam.com/exploits/5GP0E15IKO.html
Vulnerability Security Testing & DAST | Fortra's Beyond SecurityExploit
Jump to