MPlayer Crafted Media File Integer Overflow

Medium Nessus Network Monitor Plugin ID 3491

Synopsis

The remote host is vulnerable to an integer overflow

Description

The remote host is using a version of MPlayer, a multimedia video and audio application. This version of MPlayer is vulnerable to an integer overflow due to a lack of content parsing. An attacker exploiting this flaw would need to craft a malicious media file and then convince a local user to download and play the file within MPlayer. Successful exploitation would result in arbitrary code being executed locally.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Medium

ID: 3491

File Name: 3491.prm

Family: Web Clients

Published: 2006/03/29

Modified: 2016/02/05

Dependencies: 1735, 8314

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:ND

CVSSv3

Base Score: 5.6

Temporal Score: 4.8

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:X

Reference Information

CVE: CVE-2006-1502

BID: 17295

OSVDB: 24246, 24247