Lucene search

MitreCVE-2007-1922

HistoryApr 10, 2007 - 11:19 p.m.

CVE-2007-1922

2007-04-1023:19:00

CWE-20

mitre

web.nvd.nist.gov

cve-2007-1922

impulse tracker

screamtracker

winamp 5.33

remote code execution

memory corruption

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.205

Percentile

96.5%

JSON

The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.

Affected configurations

Nvd

Node

nullsoftwinampMatch5.33

VendorProductVersionCPE
nullsoftwinamp5.33cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nullsoft	winamp	5.33	cpe:2.3:a:nullsoft:winamp:5.33:::::::*

References

marc.info/?l=dailydave&m=117589949000906&w=2

marc.info/?l=dailydave&m=117590046601511&w=2

osvdb.org/34430

osvdb.org/34431

securityreason.com/securityalert/2532

www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt

www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt

www.securityfocus.com/archive/1/464890/100/0/threaded

www.securityfocus.com/archive/1/464893/100/0/threaded

www.securityfocus.com/bid/23350

www.securitytracker.com/id?1017886

www.vupen.com/english/advisories/2007/1286

exchange.xforce.ibmcloud.com/vulnerabilities/33480

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.205

Percentile

96.5%

JSON

Related for CVE-2007-1922