Executive Summary

NameCVE-2006-1502First vendor Publication2006-03-29
VendorCveLast vendor Modification2017-07-19

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score5.1Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides user account access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.


Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1502

CPE : Common Platform Enumeration


OpenVAS Exploits

2008-09-24Name : Gentoo Security Advisory GLSA 200605-01 (mplayer mplayer-bin)
File : nvt/glsa_200605_01.nasl
2008-09-04Name : mplayer -- Multiple integer overflows
File : nvt/freebsd_mplayer4.nasl

Open Source Vulnerability Database (OSVDB)

24247MPlayer libmpdemux/aviheader.c AVI indx Chunk Processing Overflow
24246MPlayer libmpdemux/asfheader.c asf_descrambling() Function ASF Processing Ove...

Nessus® Vulnerability Scanner

2007-10-03Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-192.nasl - Type : ACT_GATHER_INFO
2006-06-24Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-108.nasl - Type : ACT_GATHER_INFO
2006-05-13Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c7526a14c4dc11da969900123ffe8333.nasl - Type : ACT_GATHER_INFO
2006-05-03Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200605-01.nasl - Type : ACT_GATHER_INFO
2006-04-08Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-068.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

BID http://www.securityfocus.com/bid/17295
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/429251/100/0/threaded
FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044615.html
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200605-01.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:068
MISC http://www.xfocus.org/advisories/200603/11.html
SECTRACK http://securitytracker.com/id?1015842
SREASON http://securityreason.com/securityalert/532
VUPEN http://www.vupen.com/english/advisories/2006/1156
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/25513

Alert History

If you want to see full details history, please login or register.
2017-07-20 09:23:28
  • Multiple Updates
2016-06-28 15:42:08
  • Multiple Updates
2016-04-26 14:27:15
  • Multiple Updates
2014-02-17 10:35:15
  • Multiple Updates
2013-05-11 10:52:52
  • Multiple Updates