Lucene search

[email protected]CVE-2006-6250

HistoryDec 04, 2006 - 11:28 a.m.

CVE-2006-6250

2006-12-0411:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6250

songbird media player

format string vulnerability

denial of service

m3u playlist

remote attackers

crash

unicode converter

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.9 Medium

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.8%

JSON

Format string vulnerability in Songbird Media Player 0.2 and earlier allows remote attackers to cause a denial of service (crash) via an M3U Playlist file containing extended ASCII, which causes the Unicode converter to be invoked.

Affected configurations

NVD

Node

songbirdsongbird_media_playerRange≤0.2

CPENameOperatorVersion
songbird:songbird_media_playersongbird songbird media playerle0.2

CPE	Name	Operator	Version
songbird:songbird_media_player	songbird songbird media player	le	0.2

References

www.securityfocus.com/bid/21343

exchange.xforce.ibmcloud.com/vulnerabilities/30563

www.exploit-db.com/exploits/2861

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.9 Medium

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.8%

JSON

Related for CVE-2006-6250

cvelist1 nvd1