1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: VUPlayer CVE-2006-6251

Attack: VUPlayer CVE-2006-6251

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a stack-based buffer-overflow vulnerability in the VUPlayer which may result in remote code execution.

Additional Information

VUPlayer is a freeware multiformat audio player for Microsoft Windows.

The application is prone to a stack-based buffer-overflow vulnerability because it fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.

This issue presents itself when the application tries to process a malformed 'M3U' playlist file containing overly long entries. This issue may also be triggered when processing playlist files with 'WAX' or 'PLS' extensions.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected applications. Failed exploit attempts will likely crash the affected application, denying service to legitimate users.

Affected

  • VUPlayer VUPlayer 2.44

Response

Download and install all vendor patches related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube