Vulnerabilities > CVE-2007-1921 - Remote Code Execution vulnerability in Nullsoft Winamp 5.33
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption. To exploit this issue, an attacker must entice an unsuspecting user to use the affected application to open a specially crafted file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Windows |
NASL id | WINAMP_534.NASL |
description | The remote host is using Winamp, a popular media player for Windows. The version of Winamp installed on the remote Windows host reportedly contains a flaw in its |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25770 |
published | 2007-07-27 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25770 |
title | Winamp < 5.34 Multiple Vulnerabilities |
code |
|
References
- http://marc.info/?l=dailydave&m=117589848432659&w=2
- http://osvdb.org/34432
- http://secunia.com/advisories/24766
- http://securityreason.com/securityalert/2541
- http://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt
- http://www.securityfocus.com/archive/1/464889/100/0/threaded
- http://www.securityfocus.com/bid/23351
- http://www.securitytracker.com/id?1017886
- http://www.vupen.com/english/advisories/2007/1286
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33481