Lucene search

MitreCVE-2008-3441

HistoryAug 01, 2008 - 2:41 p.m.

CVE-2008-3441

2008-08-0114:41:00

CWE-94

mitre

web.nvd.nist.gov

cve-2008-3441

nullsoft winamp

update authenticity

arbitrary code execution

evilgrade

dns cache poisoning

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

0.005

Percentile

76.0%

JSON

Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

Affected configurations

Nvd

Node

nullsoftwinampRange<5.24

VendorProductVersionCPE
nullsoftwinamp*cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nullsoft	winamp	*	cpe:2.3:a:nullsoft:winamp::::::::

References

archives.neohapsis.com/archives/bugtraq/2008-07/0250.html

securitytracker.com/id?1020582

www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf

www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15225

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

0.005

Percentile

76.0%

JSON

Related for CVE-2008-3441