{"vuid":"VU#311192","idnumber":"311192","name":"VUPlayer malformed playlist buffer overflow","keywords":["VUPlayer","buffer overflow","arbitrary code execution","malformed playlists"],"overview":"VUPlayer fails to properly handle malformed playlists. This vulnerability may allow a remote attacker to execute arbitrary code.","clean_desc":"VUPlayer is a freeware audio player for the Microsoft Windows platform. It can play various types of media files, such as MP3s. A Playlist (.PLS or .M3U) file is a text file that contains links to other media files to play. VUPlayer supports the use of playlist files. VUPlayer fails to properly handle malformed playlists allowing a stack-based buffer overflow to occur. Note that working exploit code is publicly available for this vulnerability.","impact":"A remote unauthenticated attacker may be able to execute arbitrary code by convincing a user to open a specially crafted playlist. This can be achieved by creating a specially crafted web page or other HTML document that may launch VUPlayer without any user interaction.","resolution":"We are unaware of a solution to this problem. Until a solution becomes available the following workarounds are strongly encouraged:","workarounds":"Do not open playlist files from untrusted sources Do not open untrusted playlist files (.PLS or .M3U) with VUPlayer. Do Not Follow Unsolicited Links In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases.","sysaffected":"","thanks":"This vulnerability was reported by Greg Linares.","author":"This document was written by Jeff Gennari.","public":["http://www.securityfocus.com/bid/21363","http://www.frsirt.com/english/advisories/2006/4783","http://secunia.com/advisories/23182","http://xforce.iss.net/xforce/xfdb/30629"],"cveids":["CVE-2006-6251"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-11-30T17:27:06Z","publicdate":"2006-12-01T00:00:00Z","datefirstpublished":"2007-09-06T21:51:12Z","dateupdated":"2007-09-06T21:51:24Z","revision":16,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"4","cam_widelyknown":"20","cam_exploitation":"5","cam_internetinfrastructure":"0","cam_population":"5","cam_impact":"20","cam_easeofexploitation":"17","cam_attackeraccessrequired":"20","cam_scorecurrent":"15.9375","cam_scorecurrentwidelyknown":"15.9375","cam_scorecurrentwidelyknownexploited":"25.5","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":15.9375,"vulnote":null}