Executive Summary

Informations
NameCVE-2006-1502First vendor Publication2006-03-29
VendorCveLast vendor Modification2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score5.1Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides user account access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1502

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

OpenVAS Exploits

DateDescription
2008-09-24Name : Gentoo Security Advisory GLSA 200605-01 (mplayer mplayer-bin)
File : nvt/glsa_200605_01.nasl
2008-09-04Name : mplayer -- Multiple integer overflows
File : nvt/freebsd_mplayer4.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
24247MPlayer libmpdemux/aviheader.c AVI indx Chunk Processing Overflow
24246MPlayer libmpdemux/asfheader.c asf_descrambling() Function ASF Processing Ove...

Nessus® Vulnerability Scanner

DateDescription
2007-10-03Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-192.nasl - Type : ACT_GATHER_INFO
2006-06-24Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-108.nasl - Type : ACT_GATHER_INFO
2006-05-13Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c7526a14c4dc11da969900123ffe8333.nasl - Type : ACT_GATHER_INFO
2006-05-03Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200605-01.nasl - Type : ACT_GATHER_INFO
2006-04-08Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-068.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/17295
BUGTRAQhttp://www.securityfocus.com/archive/1/archive/1/429251/100/0/threaded
FULLDISChttp://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044615.html
GENTOOhttp://www.gentoo.org/security/en/glsa/glsa-200605-01.xml
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:068
MISChttp://www.xfocus.org/advisories/200603/11.html
OSVDBhttp://www.osvdb.org/24246
http://www.osvdb.org/24247
SECTRACKhttp://securitytracker.com/id?1015842
SECUNIAhttp://secunia.com/advisories/19418
http://secunia.com/advisories/19565
http://secunia.com/advisories/19919
SREASONhttp://securityreason.com/securityalert/532
http://securityreason.com/securityalert/647
VUPENhttp://www.vupen.com/english/advisories/2006/1156
XFhttp://xforce.iss.net/xforce/xfdb/25513
http://xforce.iss.net/xforce/xfdb/25514

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:35:15
  • Multiple Updates
2013-05-11 10:52:52
  • Multiple Updates