MP3Info Unspecified Buffer Overflow Vulnerability
BID:18016
CVE-2006-2465 |Info
MP3Info Unspecified Buffer Overflow Vulnerability
| Bugtraq ID: | 18016 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-2465 |
| Remote: | Yes |
| Local: | No |
| Published: | May 17 2006 12:00AM |
| Updated: | Mar 21 2014 12:56AM |
| Credit: | Kamil Sienicki is credited with the discovery of this vulnerability. |
| Vulnerable: |
MP3Info MP3Info 0.8.4 |
| Not Vulnerable: | |
Discussion
MP3Info Unspecified Buffer Overflow Vulnerability
MP3Info is prone to a buffer-overflow vulnerability. The application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
This issue allows attackers to execute arbitrary machine code in the context of users running the affected application.
Version 0.8.4 of MP3Info is vulnerable to this issue; other versions may also be affected.
MP3Info is prone to a buffer-overflow vulnerability. The application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
This issue allows attackers to execute arbitrary machine code in the context of users running the affected application.
Version 0.8.4 of MP3Info is vulnerable to this issue; other versions may also be affected.
Exploit / POC
MP3Info Unspecified Buffer Overflow Vulnerability
The following exploit code is available:
The following exploit code is available:
Solution / Fix
MP3Info Unspecified Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].