CVE-2006-6251
CVE-2006-6251
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 67.3%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
04 Dec 2006Published on NVD
18 Aug 2009Metasploit module available
11 Nov 2010Public PoC
Weaponization speed
1438 daysto first PoC
988 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long string in an M3U file, aka an "M3U UNC Name" attack.
Affected products
n/a · n/apublic PoCs found — 3
exploitdbwww.exploit-db.com/exploits/16617unverifiedcve_referencewww.exploit-db.com/exploits/2872unverifiedcve_referencewww.exploit-db.com/exploits/2870unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://secunia.com/advisories/23182https://exchange.xforce.ibmcloud.com/vulnerabilities/30629https://www.exploit-db.com/exploits/2870https://www.exploit-db.com/exploits/2872http://www.kb.cert.org/vuls/id/311192http://www.securityfocus.com/bid/21363http://www.vupen.com/english/advisories/2006/4783