CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
95.1%
The remote host is running Winamp, a media player for Windows.
Versions of Winamp earlier than 5.6 are potentially affected by multiple vulnerabilities :
An integer overflow vulnerability exists in the ‘in_nsv.dll’ plugin when parsing the table of contents of a NullSoft Video (NSV) stream or file. (CVE-2010-2586)
A heap-base buffer overflow vulnerability exists in the ‘in_midi.dll’ plugin when parsing MIDI content. (CVE-2010-4370)
A buffer overflow vulnerability exists in the ‘in_mod’ plugin and is related to the comment box. (CVE-2010-4371)
An integer overflow vulnerability exists in the 'in_nsv plugin due to improper memory allocation for Nullsoft Video (NSV) metadata. (CVE-2010-4372)
An error exists in the ‘in_mp4’ plugin which allows remote attackers to use either crafted metadata or album art in an MP4 file to cause a denial of service. (CVE-2010-4373)
An error exists in the ‘in_mkv’ plugin which allows remote attackers to use a crafted Matroska Video (MKV) file to cause a denial of service. (CVE-2010-4374)
Binary data 5717.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4370
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4371
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4372
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4373
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4374
forums.winamp.com/showthread.php?t=322995
secunia.com/secunia_research/2010-95