9.3

CVE-2007-1922

The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NullsoftWinamp Version5.33
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.78% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id?1017886
http://www.vupen.com/english/advisories/2007/1286
http://marc.info/?l=dailydave&m=117589949000906&w=2
http://marc.info/?l=dailydave&m=117590046601511&w=2
http://osvdb.org/34430
http://osvdb.org/34431
http://securityreason.com/securityalert/2532
http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt
Patch
Vendor Advisory
http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt
http://www.securityfocus.com/archive/1/464890/100/0/threaded
http://www.securityfocus.com/archive/1/464893/100/0/threaded
http://www.securityfocus.com/bid/23350
https://exchange.xforce.ibmcloud.com/vulnerabilities/33480