Lucene search

MitreCVE-2010-3137

HistoryAug 26, 2010 - 6:36 p.m.

CVE-2010-3137

2010-08-2618:36:36

mitre

web.nvd.nist.gov

cve-2010-3137

nullsoft winamp

code execution

dll hijacking

vulnerability

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.007

Percentile

80.6%

JSON

Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file.

Affected configurations

Nvd

Node

nullsoftwinampMatch5.581

VendorProductVersionCPE
nullsoftwinamp5.581cpe:2.3:a:nullsoft:winamp:5.581:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nullsoft	winamp	5.581	cpe:2.3:a:nullsoft:winamp:5.581:::::::*

References

secunia.com/advisories/41093

www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf

www.exploit-db.com/exploits/14789

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6874

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.007

Percentile

80.6%

JSON

Related for CVE-2010-3137