Lucene search
HistoryDec 02, 2010 - 4:22 p.m.
CVE-2010-2586
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
High
EPSS
0.109
Percentile
95.1%
Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow.
Affected configurations
Node
nullsoftwinampRange≤5.581
ORnullsoftwinampMatch0.20a
ORnullsoftwinampMatch0.92
ORnullsoftwinampMatch1.006
ORnullsoftwinampMatch1.90
ORnullsoftwinampMatch2.0
ORnullsoftwinampMatch2.6
ORnullsoftwinampMatch2.9
ORnullsoftwinampMatch2.10
ORnullsoftwinampMatch2.91
ORnullsoftwinampMatch2.92
ORnullsoftwinampMatch2.95
ORnullsoftwinampMatch5.0
ORnullsoftwinampMatch5.01
ORnullsoftwinampMatch5.1-surround
ORnullsoftwinampMatch5.02
ORnullsoftwinampMatch5.2
ORnullsoftwinampMatch5.3
ORnullsoftwinampMatch5.03
ORnullsoftwinampMatch5.04
ORnullsoftwinampMatch5.05
ORnullsoftwinampMatch5.5
ORnullsoftwinampMatch5.06
ORnullsoftwinampMatch5.07
ORnullsoftwinampMatch5.08c
ORnullsoftwinampMatch5.08d
ORnullsoftwinampMatch5.08e
ORnullsoftwinampMatch5.09
ORnullsoftwinampMatch5.11
ORnullsoftwinampMatch5.12
ORnullsoftwinampMatch5.13
ORnullsoftwinampMatch5.21
ORnullsoftwinampMatch5.22
ORnullsoftwinampMatch5.23
ORnullsoftwinampMatch5.24
ORnullsoftwinampMatch5.31
ORnullsoftwinampMatch5.32
ORnullsoftwinampMatch5.33
ORnullsoftwinampMatch5.34
ORnullsoftwinampMatch5.35
ORnullsoftwinampMatch5.51
ORnullsoftwinampMatch5.52
ORnullsoftwinampMatch5.53
ORnullsoftwinampMatch5.54
ORnullsoftwinampMatch5.55
ORnullsoftwinampMatch5.56
ORnullsoftwinampMatch5.58
ORnullsoftwinampMatch5.091
ORnullsoftwinampMatch5.093
ORnullsoftwinampMatch5.094
ORnullsoftwinampMatch5.111
ORnullsoftwinampMatch5.112
ORnullsoftwinampMatch5.531
ORnullsoftwinampMatch5.541
ORnullsoftwinampMatch5.551
ORnullsoftwinampMatch5.552
ORnullsoftwinampMatch5.572
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nullsoft | winamp | * | cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:* |
| nullsoft | winamp | 0.20a | cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:* |
| nullsoft | winamp | 0.92 | cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:* |
| nullsoft | winamp | 1.006 | cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:* |
| nullsoft | winamp | 1.90 | cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:* |
| nullsoft | winamp | 2.0 | cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:* |
| nullsoft | winamp | 2.6 | cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:* |
| nullsoft | winamp | 2.9 | cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:* |
| nullsoft | winamp | 2.10 | cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:* |
| nullsoft | winamp | 2.91 | cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
CVE-2010-2586
2010-12-02 16:00:00
CVE-2010-4372
2010-12-02 16:00:00
prion
prion
Integer overflow
2010-12-02 16:22:00
Integer overflow
2010-12-02 16:22:00
securityvulns
securityvulns
Secunia Research: Winamp NSV Table of Contents Parsing Integer Overflow
2010-12-01 00:00:00
WinAmp integer overflow
2010-12-22 00:00:00
cve
cve
CVE-2010-2586
2010-12-02 16:22:20
CVE-2010-4372
2010-12-02 16:22:22
nvd
nvd
CVE-2010-4372
2010-12-02 16:22:22
openvas
openvas
Winamp Multiple Vulnerabilities
2010-12-09 00:00:00
Winamp Multiple Vulnerabilities
2010-12-09 00:00:00
nessus
nessus
Winamp < 5.6 Multiple Vulnerabilities
2010-11-30 00:00:00
Winamp < 5.60 Multiple Vulnerabilities
2010-10-27 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
High
EPSS
0.109
Percentile
95.1%
Related for NVD:CVE-2010-2586