Vulnerability Description
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mp3Info | Mp3Info | 0.8.4 |
References
- http://osvdb.org/show/osvdb/30945
- http://packetstormsecurity.com/files/124955/Mp3info-Stack-Buffer-Overflow.html
- http://packetstormsecurity.com/files/125786/MP3Info-0.8.5-SEH-Buffer-Overflow.ht
- http://securitytracker.com/id?1016108
- http://www.exploit-db.com/exploits/32358
- http://www.securiteam.com/exploits/5GP0E15IKO.htmlExploit
- http://www.securityfocus.com/bid/18016
- http://osvdb.org/show/osvdb/30945
- http://packetstormsecurity.com/files/124955/Mp3info-Stack-Buffer-Overflow.html
- http://packetstormsecurity.com/files/125786/MP3Info-0.8.5-SEH-Buffer-Overflow.ht
- http://securitytracker.com/id?1016108
- http://www.exploit-db.com/exploits/32358
- http://www.securiteam.com/exploits/5GP0E15IKO.htmlExploit
- http://www.securityfocus.com/bid/18016
FAQ
What is CVE-2006-2465?
CVE-2006-2465 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this i...
How severe is CVE-2006-2465?
CVE-2006-2465 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2465?
Check the references section above for vendor advisories and patch information. Affected products include: Mp3Info Mp3Info.