9.3
CVE-2010-3137
- EPSS 7.83%
- Veröffentlicht 26.08.2010 18:36:36
- Zuletzt bearbeitet 16.06.2026 23:22:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.83% | 0.939 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
http://secunia.com/advisories/41093
http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf
http://www.exploit-db.com/exploits/14789
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6874