1. CVE-Search
  2. CVE-2006-0708
ID CVE-2006-0708
Summary Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.
References
Vulnerable Configurations
  • cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 19-10-2018 - 15:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 16623
bugtraq 20060213 New winamp m3u/pls .WMA & .M3U Extension overflows
misc http://forums.winamp.com/showthread.php?s=&threadid=238648
sectrack 1015621
sreason
vupen ADV-2006-0613
xf
  • winamp-m3u-filename-bo(24741)
  • winamp-m3u-wma-bo(24740)
  • winamp-pls-file1-bo(24739)
Last major update 19-10-2018 - 15:45
Published 15-02-2006 - 11:06
Last modified 19-10-2018 - 15:45
Back to Top