CVE-2006-4046 : Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier

Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.

Published 2006-08-09 23:04:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2006-4046

Open Cubic Player » Open Cubic Player
Versions up to, including, (<=) 0.1.10_rc5
cpe:2.3:a:open_cubic_player:open_cubic_player:*:*:*:*:*:*:*:*
Matching versions
Open Cubic Player » Open Cubic Player
Versions up to, including, (<=) 2.60_pre6
cpe:2.3:a:open_cubic_player:open_cubic_player:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-4046

EPSS FAQ

24.53%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 96 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-4046

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-4046

https://www.exploit-db.com/exploits/2094

Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Local Buffer Overflows - Windows local Exploit
http://aluigi.altervista.org/adv/ocpbof-adv.txt
http://www.vupen.com/english/advisories/2006/3078

Site en construction
http://secunia.com/advisories/21267

About Secunia Research | Flexera
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28103

Open Cubic Player mpLoadS3M() buffer overflow CVE-2006-4046 Vulnerability Report
https://exchange.xforce.ibmcloud.com/vulnerabilities/28104

Open Cubic Player itplayerclass::module::load() buffer overflow CVE-2006-4046 Vulnerability Report
http://securitytracker.com/id?1016611

Access Denied
https://exchange.xforce.ibmcloud.com/vulnerabilities/28105

Open Cubic Player mpLoadULT() buffer overflow CVE-2006-4046 Vulnerability Report
https://exchange.xforce.ibmcloud.com/vulnerabilities/28106

Open Cubic Player mpLoadAMS() buffer overflow CVE-2006-4046 Vulnerability Report
http://www.securityfocus.com/archive/1/441730/100/100/threaded
http://securityreason.com/securityalert/1349

Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5 - CXSecurity.com
http://www.securityfocus.com/bid/19262

Jump to

Vulnerability Details : CVE-2006-4046

Products affected by CVE-2006-4046

Exploit prediction scoring system (EPSS) score for CVE-2006-4046

CVSS scores for CVE-2006-4046

References for CVE-2006-4046