Intrusion Prevention

Songbird.Media.Player.DoS

Description

This indicates an attempt to exploit a denial-of-service vulnerability in Songbird Media Player.
The vulnerability is a result of a format-string error in the Unicode converter that occurs when processing extended ASCII. A remote attacker can exploit this to consume all available CPU resources and cause a victim's system to crash, by creating a malformed M3U playlist file and persuading a victim to load it.

Affected Products

Songbird Media Player 0.2 and earlier.

Impact

Denial of service

Recommended Actions

We are not aware of any officially supplied patch at this time. Please check the Songbirdnest.com web site for updates: http://www.songbirdnest.com/

CVE References

CVE-2006-6250