Lucene search
FlexeraCVE-2011-3834HistoryDec 16, 2011 - 7:55 p.m.
CVE-2011-3834
2011-12-1619:55:00
CWE-189
flexera
web.nvd.nist.gov
146
cve-2011-3834
winamp
integer overflow
remote code execution
avi file
nvd
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.7
Confidence
High
EPSS
0.327
Percentile
97.1%
Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.
Affected configurations
Node
nullsoftwinampRangeβ€5.622
ORnullsoftwinampMatch0.20a
ORnullsoftwinampMatch0.92
ORnullsoftwinampMatch1.006
ORnullsoftwinampMatch1.90
ORnullsoftwinampMatch2.0
ORnullsoftwinampMatch2.6
ORnullsoftwinampMatch2.9
ORnullsoftwinampMatch2.10
ORnullsoftwinampMatch2.91
ORnullsoftwinampMatch2.92
ORnullsoftwinampMatch2.95
ORnullsoftwinampMatch5.0
ORnullsoftwinampMatch5.01
ORnullsoftwinampMatch5.1-surround
ORnullsoftwinampMatch5.02
ORnullsoftwinampMatch5.2
ORnullsoftwinampMatch5.3
ORnullsoftwinampMatch5.03
ORnullsoftwinampMatch5.04
ORnullsoftwinampMatch5.05
ORnullsoftwinampMatch5.5
ORnullsoftwinampMatch5.6
ORnullsoftwinampMatch5.06
ORnullsoftwinampMatch5.07
ORnullsoftwinampMatch5.08c
ORnullsoftwinampMatch5.08d
ORnullsoftwinampMatch5.08e
ORnullsoftwinampMatch5.09
ORnullsoftwinampMatch5.11
ORnullsoftwinampMatch5.12
ORnullsoftwinampMatch5.13
ORnullsoftwinampMatch5.21
ORnullsoftwinampMatch5.22
ORnullsoftwinampMatch5.23
ORnullsoftwinampMatch5.24
ORnullsoftwinampMatch5.31
ORnullsoftwinampMatch5.32
ORnullsoftwinampMatch5.33
ORnullsoftwinampMatch5.34
ORnullsoftwinampMatch5.35
ORnullsoftwinampMatch5.51
ORnullsoftwinampMatch5.52
ORnullsoftwinampMatch5.53
ORnullsoftwinampMatch5.54
ORnullsoftwinampMatch5.55
ORnullsoftwinampMatch5.56
ORnullsoftwinampMatch5.57
ORnullsoftwinampMatch5.58
ORnullsoftwinampMatch5.091
ORnullsoftwinampMatch5.093
ORnullsoftwinampMatch5.094
ORnullsoftwinampMatch5.111
ORnullsoftwinampMatch5.112
ORnullsoftwinampMatch5.531
ORnullsoftwinampMatch5.541
ORnullsoftwinampMatch5.551
ORnullsoftwinampMatch5.552
ORnullsoftwinampMatch5.572
ORnullsoftwinampMatch5.581
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nullsoft | winamp | * | cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:* |
| nullsoft | winamp | 0.20a | cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:* |
| nullsoft | winamp | 0.92 | cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:* |
| nullsoft | winamp | 1.006 | cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:* |
| nullsoft | winamp | 1.90 | cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:* |
| nullsoft | winamp | 2.0 | cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:* |
| nullsoft | winamp | 2.6 | cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:* |
| nullsoft | winamp | 2.9 | cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:* |
| nullsoft | winamp | 2.10 | cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:* |
| nullsoft | winamp | 2.91 | cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:* |
Related
securityvulns
securityvulns
WinAmp integer overflows
2011-12-12 00:00:00
Secunia Research: Winamp AVI Parsing Two Integer Overflow Vulnerabilities
2011-12-12 00:00:00
prion
prion
Integer overflow
2011-12-16 19:55:00
cvelist
cvelist
CVE-2011-3834
2011-12-16 19:00:00
checkpoint_advisories
checkpoint_advisories
Nullsoft Winamp RIFF INFO Record Heap Buffer Overflow (CVE-2011-3834)
2012-05-14 00:00:00
Nullsoft Winamp AVI Stream Count Integer Overflow (CVE-2011-3834)
2012-04-16 00:00:00
Nullsoft Winamp RIFF INFO Record Heap Buffer Overflow - Ver2 (CVE-2011-3834)
2014-03-31 00:00:00
seebug
seebug
Winamp 5.x ζ΄ζ°ζΊ’εΊζΌζ΄
2011-12-14 00:00:00
Winamp 5.x ε€δΈͺζ΄ζ°ζΊ’εΊζΌζ΄
2011-12-24 00:00:00
nessus
nessus
Winamp < 5.623 Multiple Integer Overflows
2011-12-21 00:00:00
nvd
nvd
CVE-2011-3834
2011-12-16 19:55:00
openvas
openvas
Winamp AVI And IT Files Parsing Buffer Overflow Vulnerabilities
2011-12-22 00:00:00
Winamp AVI And IT Files Parsing Buffer Overflow Vulnerabilities
2011-12-22 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.7
Confidence
High
EPSS
0.327
Percentile
97.1%
Related for CVE-2011-3834