Vulnerability Details : CVE-2006-6288
Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c; (2) a skin file with long button names, because of an overflow in the main_skin_check_ini_value function in skin.c; and (3) a skin file with long bitmap filenames, because of an overflow in the main_skin_open function in skin.c.
Vulnerability category: Execute code
Products affected by CVE-2006-6288
- cpe:2.3:a:niek_albers:coolplayer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-6288
5.91%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-6288
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
CWE ids for CVE-2006-6288
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-6288
-
http://www.vupen.com/english/advisories/2006/4806
Vendor Advisory
-
http://www.securityfocus.com/archive/1/485547/100/100/threaded
-
https://www.exploit-db.com/exploits/4839
-
http://coolplayer.cvs.sourceforge.net/coolplayer/Main/stdafx.h?view=log
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/30658
-
http://www.securityfocus.com/archive/1/485564/100/100/threaded
-
http://secunia.com/advisories/23360
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/30861
-
http://www.securityfocus.com/archive/1/485578/100/100/threaded
-
http://www.securityfocus.com/bid/21396
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/30863
-
http://sourceforge.net/project/shownotes.php?group_id=31900&release_id=467783
-
http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051269.html
Jump to