CVE-2010-1523

2010-11-0600:00:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-1523

winamp

buffer overflow

vp6 codec

arbitrary code execution

video file

video stream

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.066 Low

EPSS

Percentile

93.7%

JSON

Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.

CPENameOperatorVersion
nullsoft:winampnullsoft winampeq2.6x
nullsoft:winampnullsoft winampeq5.57
nullsoft:winampnullsoft winampeq5.093
nullsoft:winampnullsoft winampeq2.64
nullsoft:winampnullsoft winampeq5.552
nullsoft:winampnullsoft winampeq5.36
nullsoft:winampnullsoft winampeq5.24
nullsoft:winampnullsoft winampeq2.62
nullsoft:winampnullsoft winampeq5.111
nullsoft:winampnullsoft winampeq2.24

CPE	Name	Operator	Version
nullsoft:winamp	nullsoft winamp	eq	2.6x
nullsoft:winamp	nullsoft winamp	eq	5.57
nullsoft:winamp	nullsoft winamp	eq	5.093
nullsoft:winamp	nullsoft winamp	eq	2.64
nullsoft:winamp	nullsoft winamp	eq	5.552
nullsoft:winamp	nullsoft winamp	eq	5.36
nullsoft:winamp	nullsoft winamp	eq	5.24
nullsoft:winamp	nullsoft winamp	eq	2.62
nullsoft:winamp	nullsoft winamp	eq	5.111
nullsoft:winamp	nullsoft winamp	eq	2.24