Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2013-4694
HistoryApr 16, 2014 - 10:55 p.m.

CVE-2013-4694

2014-04-1622:55:06
CWE-119
mitre
web.nvd.nist.gov
37
cve
winamp
buffer overflow
denial of service
remote attack
arbitrary code
security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8

Confidence

High

EPSS

0.177

Percentile

96.2%

JSON

Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.

Affected configurations

Nvd
Node
nullsoftwinampRange5.63
OR
nullsoftwinampMatch0.20a
OR
nullsoftwinampMatch0.92
OR
nullsoftwinampMatch1.006
OR
nullsoftwinampMatch1.90
OR
nullsoftwinampMatch2.0
OR
nullsoftwinampMatch2.6
OR
nullsoftwinampMatch2.9
OR
nullsoftwinampMatch2.10
OR
nullsoftwinampMatch2.91
OR
nullsoftwinampMatch2.92
OR
nullsoftwinampMatch2.95
OR
nullsoftwinampMatch5.0
OR
nullsoftwinampMatch5.01
OR
nullsoftwinampMatch5.1-surround
OR
nullsoftwinampMatch5.02
OR
nullsoftwinampMatch5.2
OR
nullsoftwinampMatch5.3
OR
nullsoftwinampMatch5.03
OR
nullsoftwinampMatch5.04
OR
nullsoftwinampMatch5.05
OR
nullsoftwinampMatch5.5
OR
nullsoftwinampMatch5.06
OR
nullsoftwinampMatch5.07
OR
nullsoftwinampMatch5.08c
OR
nullsoftwinampMatch5.08d
OR
nullsoftwinampMatch5.08e
OR
nullsoftwinampMatch5.09
OR
nullsoftwinampMatch5.11
OR
nullsoftwinampMatch5.12
OR
nullsoftwinampMatch5.13
OR
nullsoftwinampMatch5.21
OR
nullsoftwinampMatch5.22
OR
nullsoftwinampMatch5.23
OR
nullsoftwinampMatch5.24
OR
nullsoftwinampMatch5.31
OR
nullsoftwinampMatch5.32
OR
nullsoftwinampMatch5.33
OR
nullsoftwinampMatch5.34
OR
nullsoftwinampMatch5.35
OR
nullsoftwinampMatch5.36
OR
nullsoftwinampMatch5.51
OR
nullsoftwinampMatch5.51beta
OR
nullsoftwinampMatch5.52
OR
nullsoftwinampMatch5.53
OR
nullsoftwinampMatch5.54
OR
nullsoftwinampMatch5.54beta
OR
nullsoftwinampMatch5.55
OR
nullsoftwinampMatch5.55beta
OR
nullsoftwinampMatch5.56
OR
nullsoftwinampMatch5.57
OR
nullsoftwinampMatch5.58
OR
nullsoftwinampMatch5.59beta
OR
nullsoftwinampMatch5.61
OR
nullsoftwinampMatch5.091
OR
nullsoftwinampMatch5.093
OR
nullsoftwinampMatch5.094
OR
nullsoftwinampMatch5.111
OR
nullsoftwinampMatch5.112
OR
nullsoftwinampMatch5.531
OR
nullsoftwinampMatch5.541
OR
nullsoftwinampMatch5.551
OR
nullsoftwinampMatch5.552
OR
nullsoftwinampMatch5.572
OR
nullsoftwinampMatch5.581
OR
nullsoftwinampMatch5.623
VendorProductVersionCPE
nullsoftwinamp*cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*
nullsoftwinamp0.20acpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*
nullsoftwinamp0.92cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*
nullsoftwinamp1.006cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*
nullsoftwinamp1.90cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*
nullsoftwinamp2.0cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*
nullsoftwinamp2.6cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*
nullsoftwinamp2.9cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*
nullsoftwinamp2.10cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*
nullsoftwinamp2.91cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*
Rows per page:
1-10 of 661

Related

packetstorm 2
cvelist 1
securityvulns 2
openvas 1
exploitpack 1
seebug 1
zdt 2
kaspersky 1
prion 1
exploitdb 2
nvd 1
nessus 1
packetstorm
packetstorm
WinAmp 5.63 Buffer Overflow
2013-07-01 00:00:00
WinAmp 5.63 Buffer Overflow
2013-08-27 00:00:00
cvelist
cvelist
CVE-2013-4694
2014-04-16 22:00:00
securityvulns
securityvulns
[CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows
2013-07-08 00:00:00
WinAmp security vulnerabilities
2013-07-08 00:00:00
openvas
openvas
Winamp Libraries Multiple Buffer Overflow Vulnerability (Sep 2014)
2014-09-18 00:00:00
exploitpack
exploitpack
Winamp 5.63 - Stack Buffer Overflow
2013-07-02 00:00:00
seebug
seebug
WinAmp 5.63 - Stack-based Buffer Overflow
2014-07-01 00:00:00
zdt
zdt
WinAmp 5.63 - Stack-based Buffer Overflow Vulnerability
2013-07-03 00:00:00
WinAmp 5.63 (winamp.ini) - Local Exploit
2013-08-27 00:00:00
kaspersky
kaspersky
KLA10020 DoS vulnerability in Winamp
2014-04-16 00:00:00
prion
prion
Stack overflow
2014-04-16 22:55:00
exploitdb
exploitdb
Winamp 5.63 - 'winamp.ini' Local Overflow
2013-08-26 00:00:00
Winamp 5.63 - Stack Buffer Overflow
2013-07-02 00:00:00
nvd
nvd
CVE-2013-4694
2014-04-16 22:55:06
nessus
nessus
Winamp < 5.64 Multiple Vulnerabilities
2013-07-09 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8

Confidence

High

EPSS

0.177

Percentile

96.2%

JSON
Related for CVE-2013-4694
packetstorm2cvelist1securityvulns2openvas1exploitpack1seebug1zdt2kaspersky1prion1exploitdb2nvd1nessus1