Lucene search

FlexeraCVE-2010-2586

HistoryDec 02, 2010 - 4:22 p.m.

CVE-2010-2586

2010-12-0216:22:20

CWE-189

flexera

web.nvd.nist.gov

cve-2010-2586

integer overflows

in_nsv.dll

in_nsv plugin

winamp

remote code execution

heap-based buffer overflow

nvd

security vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.109

Percentile

95.1%

JSON

Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow.

Affected configurations

Nvd

Node

nullsoftwinampRange≤5.581

nullsoftwinampMatch0.20a

nullsoftwinampMatch0.92

nullsoftwinampMatch1.006

nullsoftwinampMatch1.90

nullsoftwinampMatch2.0

nullsoftwinampMatch2.6

nullsoftwinampMatch2.9

nullsoftwinampMatch2.10

nullsoftwinampMatch2.91

nullsoftwinampMatch2.92

nullsoftwinampMatch2.95

nullsoftwinampMatch5.0

nullsoftwinampMatch5.01

nullsoftwinampMatch5.1-surround

nullsoftwinampMatch5.02

nullsoftwinampMatch5.2

nullsoftwinampMatch5.3

nullsoftwinampMatch5.03

nullsoftwinampMatch5.04

nullsoftwinampMatch5.05

nullsoftwinampMatch5.5

nullsoftwinampMatch5.06

nullsoftwinampMatch5.07

nullsoftwinampMatch5.08c

nullsoftwinampMatch5.08d

nullsoftwinampMatch5.08e

nullsoftwinampMatch5.09

nullsoftwinampMatch5.11

nullsoftwinampMatch5.12

nullsoftwinampMatch5.13

nullsoftwinampMatch5.21

nullsoftwinampMatch5.22

nullsoftwinampMatch5.23

nullsoftwinampMatch5.24

nullsoftwinampMatch5.31

nullsoftwinampMatch5.32

nullsoftwinampMatch5.33

nullsoftwinampMatch5.34

nullsoftwinampMatch5.35

nullsoftwinampMatch5.51

nullsoftwinampMatch5.52

nullsoftwinampMatch5.53

nullsoftwinampMatch5.54

nullsoftwinampMatch5.55

nullsoftwinampMatch5.56

nullsoftwinampMatch5.58

nullsoftwinampMatch5.091

nullsoftwinampMatch5.093

nullsoftwinampMatch5.094

nullsoftwinampMatch5.111

nullsoftwinampMatch5.112

nullsoftwinampMatch5.531

nullsoftwinampMatch5.541

nullsoftwinampMatch5.551

nullsoftwinampMatch5.552

nullsoftwinampMatch5.572

VendorProductVersionCPE
nullsoftwinamp*cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*
nullsoftwinamp0.20acpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*
nullsoftwinamp0.92cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*
nullsoftwinamp1.006cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*
nullsoftwinamp1.90cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*
nullsoftwinamp2.0cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*
nullsoftwinamp2.6cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*
nullsoftwinamp2.9cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*
nullsoftwinamp2.10cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*
nullsoftwinamp2.91cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nullsoft	winamp	*	cpe:2.3:a:nullsoft:winamp::::::::
nullsoft	winamp	0.20a	cpe:2.3:a:nullsoft:winamp:0.20a:::::::*
nullsoft	winamp	0.92	cpe:2.3:a:nullsoft:winamp:0.92:::::::*
nullsoft	winamp	1.006	cpe:2.3:a:nullsoft:winamp:1.006:::::::*
nullsoft	winamp	1.90	cpe:2.3:a:nullsoft:winamp:1.90:::::::*
nullsoft	winamp	2.0	cpe:2.3:a:nullsoft:winamp:2.0:::::::*
nullsoft	winamp	2.6	cpe:2.3:a:nullsoft:winamp:2.6:::::::*
nullsoft	winamp	2.9	cpe:2.3:a:nullsoft:winamp:2.9:::::::*
nullsoft	winamp	2.10	cpe:2.3:a:nullsoft:winamp:2.10:::::::*
nullsoft	winamp	2.91	cpe:2.3:a:nullsoft:winamp:2.91:::::::*

Rows per page:

1-10 of 571

References

forums.winamp.com/showthread.php?t=324322

forums.winamp.com/showthread.php?threadid=159785

secunia.com/advisories/42004

secunia.com/secunia_research/2010-127/

www.securityfocus.com/archive/1/514962/100/0/threaded

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12587

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.109

Percentile

95.1%

JSON

Related for CVE-2010-2586