Lucene search

[email protected]CVE-2007-1922

HistoryApr 10, 2007 - 11:19 p.m.

CVE-2007-1922

2007-04-1023:19:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2007-1922

impulse tracker

screamtracker

winamp 5.33

remote code execution

memory corruption

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.156 Low

EPSS

Percentile

95.8%

JSON

The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.

CPENameOperatorVersion
nullsoft:winampnullsoft winampeq5.33

CPE	Name	Operator	Version
nullsoft:winamp	nullsoft winamp	eq	5.33

References

marc.info/?l=dailydave&m=117589949000906&w=2

marc.info/?l=dailydave&m=117590046601511&w=2

osvdb.org/34430

osvdb.org/34431

securityreason.com/securityalert/2532

www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt

www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt

www.securityfocus.com/archive/1/464890/100/0/threaded

www.securityfocus.com/archive/1/464893/100/0/threaded

www.securityfocus.com/bid/23350

www.securitytracker.com/id?1017886

www.vupen.com/english/advisories/2007/1286

exchange.xforce.ibmcloud.com/vulnerabilities/33480

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.156 Low

EPSS

Percentile

95.8%

JSON

Related for CVE-2007-1922

prion1 securityvulns1 nessus1