Strix
26.1K

CVE-2006-6539

UnknownEPSS 7.75%

Last modified

CVE-2006-6539 is a vulnerability of currently unknown severity. Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and earlier (1) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an (a) long username or a (b) crafted packet to the FindBasicAuth function in security.cpp, related to the /browse URI; and allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long path string in the (2) Browse, (3) CControl::Download, and (4) CControl::Load functions, related to the file parameter in the /dl URI. NOTE: some of these details are obtained from third party information.. EPSS estimates a 7.75% chance of exploitation in the next 30 days.

Description

Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and earlier (1) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an (a) long username or a (b) crafted packet to the FindBasicAuth function in security.cpp, related to the /browse URI; and allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long path string in the (2) Browse, (3) CControl::Download, and (4) CControl::Load functions, related to the file parameter in the /dl URI. NOTE: some of these details are obtained from third party information.

Metrics

EPSS Probability
7.75%

93.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
Flippet.OrgWinamp Web Interface<= 7.5.13

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2006-6539?
Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and earlier (1) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an (a) long username or a (b) crafted packet to the FindBasicAuth function in security.cpp, related to the /browse URI; and allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long path string in the (2) Browse, (3) CControl::Download, and (4) CControl::Load functions, related to the file parameter in the /dl URI. NOTE: some of these details are obtained from third party information.
How severe is CVE-2006-6539?
Severity scoring for CVE-2006-6539 is pending analysis. The EPSS model estimates a 7.75% probability of exploitation in the next 30 days.
How do I fix CVE-2006-6539?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-6539?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST