CVE-2006-4132

ArcSoft MMS Composer < 1.5.5.6 - Denial of Service via WAPPush Messages

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4132. PoCs published by Collin Mulliner.

AI-analyzed exploit summary This is a Proof-of-Concept tool demonstrating a flood/crash vulnerability in PocketPC MMS Composer via UDP port 2948. It sends MMS new message notifications to target devices, causing denial-of-service conditions or crashes.

Description

ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and possibly earlier, allow remote attackers to cause a denial of service (resource exhaustion and application crash) via WAPPush messages to UDP port UDP 2948.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Collin Mulliner · cdoshardware

https://www.exploit-db.com/exploits/2156

View Code ZIP pw:eip

This is a Proof-of-Concept tool demonstrating a flood/crash vulnerability in PocketPC MMS Composer via UDP port 2948. It sends MMS new message notifications to target devices, causing denial-of-service conditions or crashes.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: PocketPC MMS Composer 1.5 and 2.0 on WinCE 4.2x

No auth needed

Prerequisites: Network access to target device · UDP port 2948 accessible

MITRE ATT&CK