CVE-2007-1922

EPSS 15.64%
Veröffentlicht 10.04.2007 23:19:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nullsoft ≫ Winamp Version5.33

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	15.64%	0.944

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id?1017886

http://www.vupen.com/english/advisories/2007/1286

http://marc.info/?l=dailydave&m=117589949000906&w=2

http://marc.info/?l=dailydave&m=117590046601511&w=2

http://osvdb.org/34430

http://osvdb.org/34431

http://securityreason.com/securityalert/2532

http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt

Patch

Vendor Advisory

http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt

http://www.securityfocus.com/archive/1/464890/100/0/threaded