CVE-2006-4131

ArcSoft MMS Composer < 1.5.5.6 - Buffer Overflow via Crafted MMS Messages

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-4131. PoCs published by Collin Mulliner, Collin R. Mulliner.

AI-analyzed exploit summary This is a Proof-of-Concept tool demonstrating a flood/crash vulnerability in PocketPC MMS Composer via UDP port 2948. It sends MMS new message notifications to target devices, causing denial-of-service conditions or crashes.

Description

Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Collin Mulliner · cdoshardware
https://www.exploit-db.com/exploits/2156

This is a Proof-of-Concept tool demonstrating a flood/crash vulnerability in PocketPC MMS Composer via UDP port 2948. It sends MMS new message notifications to target devices, causing denial-of-service conditions or crashes.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: PocketPC MMS Composer 1.5 and 2.0 on WinCE 4.2x
No auth needed
Prerequisites: Network access to target device · UDP port 2948 accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Collin R. Mulliner · textremotemultiple
https://www.exploit-db.com/exploits/28368

The provided text describes vulnerabilities in ArcSoft MMS Composer, including buffer overflow and DoS issues, but does not contain actual exploit code. It references a binary exploit archive without further details.

Classification
Writeup 90%
Attack Type
Dos | Rce
Complexity
Theoretical
Reliability
Theoretical
Target: ArcSoft MMS Composer
No auth needed
Prerequisites: Network access to target · Vulnerable version of ArcSoft MMS Composer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19451
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1387
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2156
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/442841/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28342
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3261
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21426

Scores

EPSS 0.0844
EPSS Percentile 94.3%

Details

Status published
Products (1)
arcsoft/mms_composer < 1.5.5.6
Published Aug 14, 2006
Tracked Since Feb 18, 2026