CVE-2006-4192
CVE-2006-4192
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/2160unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://aluigi.altervista.org/adv/mptho-adv.txthttp://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=bc2cdd57d549ab3ba59782e9b395d0cd683fd3achttps://bugzilla.redhat.com/show_bug.cgi?id=497154http://secunia.com/advisories/21418http://secunia.com/advisories/22080http://secunia.com/advisories/22658http://secunia.com/advisories/23294http://secunia.com/advisories/23555http://secunia.com/advisories/26979http://security.gentoo.org/glsa/glsa-200612-04.xmlhttp://securityreason.com/securityalert/1397https://exchange.xforce.ibmcloud.com/vulnerabilities/28305