9.3
CVE-2007-1922
- EPSS 4.78%
- Veröffentlicht 10.04.2007 23:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:34
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.78% | 0.908 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.securitytracker.com/id?1017886
http://www.vupen.com/english/advisories/2007/1286
http://marc.info/?l=dailydave&m=117589949000906&w=2
http://marc.info/?l=dailydave&m=117590046601511&w=2
http://osvdb.org/34430
http://osvdb.org/34431
http://securityreason.com/securityalert/2532
http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt
http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt
http://www.securityfocus.com/archive/1/464890/100/0/threaded
http://www.securityfocus.com/archive/1/464893/100/0/threaded
http://www.securityfocus.com/bid/23350
https://exchange.xforce.ibmcloud.com/vulnerabilities/33480