PT-2006-6917 · Coolplayer · Coolplayer

Luigi Auriemma +1 · Published 2006-12-04 · Updated 2018-10-17 · CVE-2006-6288

CVSS v2.0: 4.6 Medium
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: CoolPlayer versions 216 and earlier

Description: The issue is related to multiple buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved through a playlist file with long song names, which causes an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c. Additionally, overflows can occur in skin files with long button names, due to the main_skin_check_ini_value function in skin.c, and in skin files with long bitmap filenames, because of the main_skin_open function in skin.c.

Recommendations: For CoolPlayer versions 216 and earlier, consider disabling the use of playlist files with long song names, skin files with long button names, and skin files with long bitmap filenames until a patch is available. Restrict access to the CPL_AddPrefixedFile function, main_skin_check_ini_value function, and main_skin_open function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2006-6288

Affected Products

Coolplayer