CVE-2006-4131
published 2006-08-14CVE-2006-4131: Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial…
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
8.44%
94.3th percentile
Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arcsoft | mms_composer | <= 1.5.5.6 | — |
| arcsoft | mms_composer | <= 2.0.0.13 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
FTPRush 1.0.610 - Host Field Local Buffer Overflow
exploitdb·2006-12-22
CVE-2006-6752 FTPRush 1.0.610 - Host Field Local Buffer Overflow
FTPRush 1.0.610 - Host Field Local Buffer Overflow
---
source: https://www.securityfocus.com/bid/21714/info
FTPRush is prone to a local buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input data to an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
This issue affects version 1.0.0.610; other versions may also be vulnerable.
Supplying the following to the client GUI is sufficient to demonstrate this issue:
Host: 4131 x "A"
Exploit-DB
ArcSoft Mms Composer 1.5.5/2.0 - Multiple Vulnerabilities
exploitdb·2006-08-09
CVE-2006-4131 ArcSoft Mms Composer 1.5.5/2.0 - Multiple Vulnerabilities
ArcSoft Mms Composer 1.5.5/2.0 - Multiple Vulnerabilities
---
source: https://www.securityfocus.com/bid/19451/info
ArcSoft MMS Composer is affected by multiple vulnerabilities, including buffer-overflow and denial-of-service issues.
Successful exploits can allow remote attackers to cause denial-of-service conditions and to execute arbitrary machine code in the context of the user running the application.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/28368.tar.gz
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048614.htmlhttp://secunia.com/advisories/21426http://securityreason.com/securityalert/1387http://www.arcsoft.com/support/downloads/download_patches/mms.asphttp://www.mulliner.org/pocketpc/CollinMulliner_defcon14_pocketpcphones.pdfhttp://www.securityfocus.com/archive/1/442841/100/0/threadedhttp://www.securityfocus.com/bid/19451http://www.vupen.com/english/advisories/2006/3261https://exchange.xforce.ibmcloud.com/vulnerabilities/28342https://www.exploit-db.com/exploits/2156http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048614.htmlhttp://secunia.com/advisories/21426http://securityreason.com/securityalert/1387http://www.arcsoft.com/support/downloads/download_patches/mms.asphttp://www.mulliner.org/pocketpc/CollinMulliner_defcon14_pocketpcphones.pdfhttp://www.securityfocus.com/archive/1/442841/100/0/threadedhttp://www.securityfocus.com/bid/19451http://www.vupen.com/english/advisories/2006/3261https://exchange.xforce.ibmcloud.com/vulnerabilities/28342https://www.exploit-db.com/exploits/2156
2006-08-14
Published