CVE-2006-4046

Name of the Vulnerable Software and Affected Versions Open Cubic Player versions 2.6.0pre6 and earlier for Windows Open Cubic Player versions 0.1.10 rc5 and earlier for Linux/BSD

Description The issue allows remote attackers to execute arbitrary code via multiple stack-based buffer overflows. This can occur through a large .S3M file handled by the mpLoadS3M function, a crafted .IT file handled by the itplayerclass::module::load function, a crafted .ULT file handled by the mpLoadULT function, or a crafted .AMS file handled by the mpLoadAMS function.

Recommendations For Open Cubic Player versions 2.6.0pre6 and earlier for Windows, consider updating to a newer version. For Open Cubic Player versions 0.1.10 rc5 and earlier for Linux/BSD, consider updating to a newer version. As a temporary workaround, consider disabling the handling of .S3M, .IT, .ULT, and .AMS files until a patch is available.