CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.5%
The remote host is using Winamp, a popular media player for Windows.
The version of Winamp installed on the remote Windows host reportedly contains a flaw in its ‘libsndfile.dll’ library that may allow an attacker to corrupt memory using a specially crafted Matlab (.MAT) sound file and execute arbitrary code subject to the privileges of the user.
In addition, it may also be affected by similar issues in its optional Module Decoder (in_mod.dll) plugin involving malicious .IT and .S3M files.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(25770);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2007-1921", "CVE-2007-1922");
script_bugtraq_id(23350, 23351);
script_name(english:"Winamp < 5.34 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a multimedia application that is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote host is using Winamp, a popular media player for Windows.
The version of Winamp installed on the remote Windows host reportedly
contains a flaw in its 'libsndfile.dll' library that may allow an
attacker to corrupt memory using a specially crafted Matlab (.MAT)
sound file and execute arbitrary code subject to the privileges of the
user.
In addition, it may also be affected by similar issues in its optional
Module Decoder (in_mod.dll) plugin involving malicious .IT and .S3M
files.");
script_set_attribute(attribute:"see_also", value:"https://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt");
script_set_attribute(attribute:"see_also", value:"https://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt");
script_set_attribute(attribute:"see_also", value:"https://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/464889/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/464890/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/464893/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"http://forums.winamp.com/showthread.php?threadid=269831");
script_set_attribute(attribute:"see_also", value:"http://www.winamp.com/player/version-history");
script_set_attribute(attribute:"solution", value:
"Upgrade to Winamp version 5.34 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20);
script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:nullsoft:winamp");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2007-2022 Tenable Network Security, Inc.");
script_dependencies("winamp_in_cdda_buffer_overflow.nasl");
script_require_keys("SMB/Winamp/Version");
exit(0);
}
# Check version of Winamp.
#
# nb: the KB item is based on GetFileVersion, which may differ
# from what the client reports.
ver = get_kb_item("SMB/Winamp/Version");
if (ver && ver =~ "^([0-4]\.|5\.([0-2]\.|3\.[0-3]\.))")
security_hole(get_kb_item("SMB/transport"));
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1921
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1922
forums.winamp.com/showthread.php?threadid=269831
www.winamp.com/player/version-history
www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt
www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt
www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt
www.securityfocus.com/archive/1/464889/30/0/threaded
www.securityfocus.com/archive/1/464890/30/0/threaded
www.securityfocus.com/archive/1/464893/30/0/threaded