Critical

CVE-2009-0263 - Buffer Errors vulnerability in Nullsoft Winamp

Publication: 2009-01-23
Summary

Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.

Classification
CWE-119: Buffer Errors

Risk level (CVSS 10)

Critical

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Nullsoft Winamp 2.5e
  • Nullsoft Winamp 5.08e
  • Nullsoft Winamp 2.0
  • Nullsoft Winamp 2.4
  • Nullsoft Winamp 2.10
  • Nullsoft Winamp 2.24
  • Nullsoft Winamp 2.50
  • Nullsoft Winamp 2.60
  • Nullsoft Winamp 2.60
  • Nullsoft Winamp 2.60
  • Nullsoft Winamp 2.61
  • Nullsoft Winamp 2.61
  • Nullsoft Winamp 2.62
  • Nullsoft Winamp 2.62
  • Nullsoft Winamp 2.64
  • Nullsoft Winamp 2.64
  • Nullsoft Winamp 2.65
  • Nullsoft Winamp 2.70
  • Nullsoft Winamp 2.70
  • Nullsoft Winamp 2.71
  • Nullsoft Winamp 2.72
  • Nullsoft Winamp 2.73
  • Nullsoft Winamp 2.73
  • Nullsoft Winamp 2.74
  • Nullsoft Winamp 2.75
  • Nullsoft Winamp 2.76
  • Nullsoft Winamp 2.77
  • Nullsoft Winamp 2.78
  • Nullsoft Winamp 2.79
  • Nullsoft Winamp 2.80
  • Nullsoft Winamp 2.81
  • Nullsoft Winamp 2.90
  • Nullsoft Winamp 2.91
  • Nullsoft Winamp 2.95
  • Nullsoft Winamp 3.0
  • Nullsoft Winamp 3.1
  • Nullsoft Winamp 5.0
  • Nullsoft Winamp 5.0.1
  • Nullsoft Winamp 5.0.2
  • Nullsoft Winamp 2.6x
  • Nullsoft Winamp 2.7x
  • Nullsoft Winamp 5.08d
  • Nullsoft Winamp 5.08c
  • Nullsoft Winamp 5.03a
  • Nullsoft Winamp 5.01
  • Nullsoft Winamp 5.02
  • Nullsoft Winamp 5.03
  • Nullsoft Winamp 5.04
  • Nullsoft Winamp 5.05
  • Nullsoft Winamp 5.06
  • Nullsoft Winamp 5.07
  • Nullsoft Winamp 5.08
  • Nullsoft Winamp 5.08
  • Nullsoft Winamp 5.08
  • Nullsoft Winamp 5.08
  • Nullsoft Winamp 5.09
  • Nullsoft Winamp 5.11
  • Nullsoft Winamp 5.12
  • Nullsoft Winamp 5.13
  • Nullsoft Winamp 5.21
  • Nullsoft Winamp 5.22
  • Nullsoft Winamp 5.23
  • Nullsoft Winamp 5.24
  • Nullsoft Winamp 5.31
  • Nullsoft Winamp 5.32
  • Nullsoft Winamp 5.33
  • Nullsoft Winamp 5.34
  • Nullsoft Winamp 5.35
  • Nullsoft Winamp 5.36
  • Nullsoft Winamp 5.51
  • Nullsoft Winamp 5.52
  • Nullsoft Winamp 5.53
  • Nullsoft Winamp 5.54
  • Nullsoft Winamp 5.091
  • Nullsoft Winamp 5.093
  • Nullsoft Winamp 5.094
  • Nullsoft Winamp 5.111
  • Nullsoft Winamp 5.112
  • Nullsoft Winamp 5.541