MPlayer Crafted Media File Integer Overflow

medium Nessus Network Monitor Plugin ID 3491

Synopsis

The remote host is vulnerable to an integer overflow

Description

The remote host is using a version of MPlayer, a multimedia video and audio application. This version of MPlayer is vulnerable to an integer overflow due to a lack of content parsing. An attacker exploiting this flaw would need to craft a malicious media file and then convince a local user to download and play the file within MPlayer. Successful exploitation would result in arbitrary code being executed locally.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Medium

ID: 3491

Family: Web Clients

Published: 3/29/2006

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:mplayer:mplayer

Reference Information

CVE: CVE-2006-1502

BID: 17295