Tenable5267.PRMWinamp < 5.57 Multiple Vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.3%
The remote host is running Winamp, a media player for Windows. The version of Winamp installed on the remote host is earlier than 5.57. Such versions are potentially affected by multiple vulnerabilities :
-
A boundary error in the Module Decoder Plug-in exists when parsing samples and can be exploited to cause a heap-based buffer overflow via a specially crafted βImpulse Trackerβ file. (CVE-2009-3995)
-
An error in the Module Decoder Plug-in when parsing βUltratrackerβ files can be exploited to cause a heap-based buffer overflow. (CVE-2009-3996)
-
An integer overflow error exists in the Module Decoder Plug-in when parsing βOktalyzerβ files and can be exploited to cause a heap-based buffer overflow.
-
Multiple integer overflow vulnerabilities in the βjpeg.w5sβ and βpng.w5sβ filters when processing malformed βJPEGβ and βPNGβ data.
Binary data 5267.prmReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3995
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3996
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3997
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4356
secunia.com/secunia_research/2009-53
secunia.com/secunia_research/2009-56
secunia.com/secunia_research/2009-57
www.nessus.org/u?0e4f075b
www.securityfocus.com/archive/1/508532/30/0/threaded
www.winamp.com/help/Version_History#Winamp_5.57
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.3%