CVE-2006-4046

Open Cubic Player < 0.1.10_rc5 - Remote Code Execution via Crafted .S3M, .IT, .ULT, or .AMS File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4046. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This exploit generates malformed S3M, IT, ULT, or AMS files to trigger buffer overflows in Open Cubic Player. It demonstrates multiple vulnerabilities by crafting files with excessive data lengths.

Description

Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · clocalwindows

https://www.exploit-db.com/exploits/2094

View Code ZIP pw:eip

This exploit generates malformed S3M, IT, ULT, or AMS files to trigger buffer overflows in Open Cubic Player. It demonstrates multiple vulnerabilities by crafting files with excessive data lengths.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Open Cubic Player <= 2.6.0pre6 / 0.1.10_rc5

No auth needed

Prerequisites: None

MITRE ATT&CK