Lucene search

[email protected]NVD:CVE-2007-6403

HistoryDec 17, 2007 - 6:46 p.m.

CVE-2007-6403

2007-12-1718:46:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.145

Percentile

95.9%

JSON

Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assisted remote attackers to execute arbitrary code via crafted unicode in a .mp4 file, with crafted tags, contained in a certain .rar archive, a related issue to CVE-2007-2498. NOTE: for exploitation, the victim must select a certain menu option at the time of the attack.

Affected configurations

Nvd

Node

winampnullsoft_winampMatch5.32

VendorProductVersionCPE
winampnullsoft_winamp5.32cpe:2.3:a:winamp:nullsoft_winamp:5.32:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
winamp	nullsoft_winamp	5.32	cpe:2.3:a:winamp:nullsoft_winamp:5.32:::::::*

References

securityreason.com/securityalert/3456

www.securityfocus.com/archive/1/484776/100/0/threaded

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15562

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.145

Percentile

95.9%

JSON

Related for NVD:CVE-2007-6403

prion2 cve2 cvelist2 exploitdb2 securityvulns1 nvd1 nessus1