7.5 - VU#311192

Executive Summary

Summary
Title	VUPlayer malformed playlist buffer overflow

Informations
Name	VU#311192	First vendor Publication	2007-09-06
Vendor	VU-CERT	Last vendor Modification	2007-09-06
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#311192

VUPlayer malformed playlist buffer overflow

Overview

VUPlayer fails to properly handle malformed playlists. This vulnerability may allow a remote attacker to execute arbitrary code.

I. Description

VUPlayer is a freeware audio player for the Microsoft Windows platform. It can play various types of media files, such as MP3s. A Playlist (.PLS or .M3U) file is a text file that contains links to other media files to play. VUPlayer supports the use of playlist files.

VUPlayer fails to properly handle malformed playlists allowing a stack-based buffer overflow to occur.

Note that working exploit code is publicly available for this vulnerability.

II. Impact

A remote unauthenticated attacker may be able to execute arbitrary code by convincing a user to open a specially crafted playlist. This can be achieved by creating a specially crafted web page or other HTML document that may launch VUPlayer without any user interaction.

III. Solution

We are unaware of a solution to this problem. Until a solution becomes available the following workarounds are strongly encouraged:

Do not open playlist files from untrusted sources

Do not open untrusted playlist files (.PLS or .M3U) with VUPlayer.

Do Not Follow Unsolicited Links

In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases.

Systems Affected

Vendor	Status	Date Updated
VUPlayer	Vulnerable	4-Dec-2006

References

http://www.securityfocus.com/bid/21363
http://www.frsirt.com/english/advisories/2006/4783
http://secunia.com/advisories/23182
http://xforce.iss.net/xforce/xfdb/30629

Credit

This vulnerability was reported by Greg Linares.

This document was written by Jeff Gennari.

Other Information

Date Public	12/01/2006
Date First Published	09/06/2007 05:51:12 PM
Date Last Updated	09/06/2007
CERT Advisory
CVE Name	CVE-2006-6251
Metric	15.94
Document Revision	16

Original Source

Url : http://www.kb.cert.org/vuls/id/311192

CPE : Common Platform Enumeration

Type	Description	Count
Application	Vuplayer cpe:2.3:a:vuplayer:vuplayer:2.44:::::::* cpe:2.3:a:vuplayer:vuplayer:2.43:::::::* cpe:2.3:a:vuplayer:vuplayer:2.42:::::::* cpe:2.3:a:vuplayer:vuplayer:2.41:::::::* cpe:2.3:a:vuplayer:vuplayer:2.4:::::::* cpe:2.3:a:vuplayer:vuplayer:2.3:::::::* cpe:2.3:a:vuplayer:vuplayer:2.23:::::::* cpe:2.3:a:vuplayer:vuplayer:2.22:::::::* cpe:2.3:a:vuplayer:vuplayer:2.21:::::::* cpe:2.3:a:vuplayer:vuplayer:2.2:::::::* cpe:2.3:a:vuplayer:vuplayer:2.11:::::::* cpe:2.3:a:vuplayer:vuplayer:2.1:::::::* cpe:2.3:a:vuplayer:vuplayer:2.03:::::::* cpe:2.3:a:vuplayer:vuplayer:2.02:::::::* cpe:2.3:a:vuplayer:vuplayer:2.01:::::::* cpe:2.3:a:vuplayer:vuplayer:2.0:::::::* cpe:2.3:a:vuplayer:vuplayer:1.9:::::::* cpe:2.3:a:vuplayer:vuplayer:1.8:::::::* cpe:2.3:a:vuplayer:vuplayer:1.7:::::::* cpe:2.3:a:vuplayer:vuplayer:1.6:::::::* cpe:2.3:a:vuplayer:vuplayer:1.5:::::::* cpe:2.3:a:vuplayer:vuplayer:1.4:::::::* cpe:2.3:a:vuplayer:vuplayer:1.3:::::::* cpe:2.3:a:vuplayer:vuplayer:1.2:::::::* cpe:2.3:a:vuplayer:vuplayer:1.1:::::::* cpe:2.3:a:vuplayer:vuplayer:1.05:::::::* cpe:2.3:a:vuplayer:vuplayer:1.04:::::::* cpe:2.3:a:vuplayer:vuplayer:1.01:::::::* cpe:2.3:a:vuplayer:vuplayer:1.0:::::::* cpe:2.3:a:vuplayer:vuplayer:0.9:::::::* cpe:2.3:a:vuplayer:vuplayer:0.8:::::::* cpe:2.3:a:vuplayer:vuplayer:0.7:::::::* cpe:2.3:a:vuplayer:vuplayer:0.6:::::::* cpe:2.3:a:vuplayer:vuplayer:0.5:::::::* cpe:2.3:a:vuplayer:vuplayer:0.4:::::::* cpe:2.3:a:vuplayer:vuplayer:0.3:::::::* cpe:2.3:a:vuplayer:vuplayer:0.2:::::::* cpe:2.3:a:vuplayer:vuplayer:0.1:::::::* cpe:2.3:a:vuplayer:vuplayer::::::::	39

Open Source Vulnerability Database (OSVDB)

Id	Description
31710	VUPlayer M3U/PLS Playlist Parsing Overflow

Snort® IPS/IDS

Date	Description
2017-08-15	multiple vulnerabilities malformed .m3u file buffer overflow attempt RuleID : 43543 - Revision : 4 - Type : FILE-OTHER

Global Informations

Type	Count
CPE ID(s)	39
osvdb(s)	1
Snort® Rule(s)	1

	Related
7.5	CVE-2006-6251
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)