Vulnerability Details : CVE-2006-6063
Public exploit exists!
Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allows remote attackers to execute arbitrary code via a M3U file containing a long (1) FileName, and cause a crash via a long (2) DisplayName.
Vulnerability category: OverflowExecute code
Products affected by CVE-2006-6063
- cpe:2.3:a:un4seen:xmplay:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-6063
87.82%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2006-6063
-
XMPlay 3.3.0.4 (ASX Filename) Buffer Overflow
Disclosure Date: 2006-11-21First seen: 2020-04-26exploit/windows/browser/xmplay_asxThis module exploits a stack buffer overflow in XMPlay 3.3.0.4. The vulnerability is caused due to a boundary error within the parsing of playlists containing an overly long file name. This module uses the ASX file format. Authors: - MC <mc@metasploit.com>
CVSS scores for CVE-2006-6063
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2006-6063
-
http://www.securityfocus.com/bid/21206
XMPlay Playlist Files Remote Buffer Overflow Vulnerability
-
http://www.vupen.com/english/advisories/2006/4636
-
https://www.exploit-db.com/exploits/2815
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/30436
Jump to