Vulnerabilities > CVE-2009-1831 - Numeric Errors vulnerability in Nullsoft Winamp
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description Winamp 5.551 MAKI Parsing Integer Overflow PoC. CVE-2009-1831. Dos exploit for windows platform file exploits/windows/dos/8767.c id EDB-ID:8767 last seen 2016-02-01 modified 2009-05-22 platform windows port published 2009-05-22 reporter n00b source https://www.exploit-db.com/download/8767/ title Winamp 5.551 - MAKI Parsing Integer Overflow PoC type dos description Winamp. CVE-2009-1831. Local exploit for windows platform file exploits/windows/local/8772.pl id EDB-ID:8772 last seen 2016-02-01 modified 2009-05-22 platform windows port published 2009-05-22 reporter Encrypt3d.M!nd source https://www.exploit-db.com/download/8772/ title Winamp <= 5.55 - MAKI script Universal Integer Overflow Exploit type local description Winamp 5.551 MAKI Parsing Integer Overflow Exploit. CVE-2009-1831. Local exploit for windows platform file exploits/windows/local/8783.c id EDB-ID:8783 last seen 2016-02-01 modified 2009-05-26 platform windows port published 2009-05-26 reporter n00b source https://www.exploit-db.com/download/8783/ title Winamp 5.551 - MAKI Parsing Integer Overflow Exploit type local description Winamp MAKI Buffer Overflow. CVE-2009-1831. Local exploit for windows platform id EDB-ID:21256 last seen 2016-02-02 modified 2012-09-12 published 2012-09-12 reporter metasploit source https://www.exploit-db.com/download/21256/ title Winamp - MAKI Buffer Overflow description Winamp. CVE-2009-1831. Local exploit for windows platform file exploits/windows/local/8770.py id EDB-ID:8770 last seen 2016-02-01 modified 2009-05-22 platform windows port published 2009-05-22 reporter His0k4 source https://www.exploit-db.com/download/8770/ title Winamp <= 5.55 - MAKI script Universal Seh Overwrite Exploit type local
Metasploit
| description | This module exploits a stack based buffer overflow in Winamp 5.55. The flaw exists in the gen_ff.dll and occurs while parsing a specially crafted MAKI file, where memmove is used in an insecure way with user controlled data. To exploit the vulnerability the attacker must convince the victim to install the generated mcvcore.maki file in the "scripts" directory of the default "Bento" skin, or generate a new skin using the crafted mcvcore.maki file. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1. |
| id | MSF:EXPLOIT/WINDOWS/FILEFORMAT/WINAMP_MAKI_BOF |
| last seen | 2020-02-09 |
| modified | 2017-09-22 |
| published | 2012-09-10 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/winamp_maki_bof.rb |
| title | Winamp MAKI Buffer Overflow |
Nessus
| NASL family | Windows |
| NASL id | WINAMP_5552.NASL |
| description | The remote host is running Winamp, a media player for Windows. The version of Winamp installed on the remote host is earlier than 5.552. Such versions are reportedly affected by an integer overflow vulnerability when processing |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 38858 |
| published | 2009-05-22 |
| reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/38858 |
| title | Winamp < 5.552 Modern Skins Support Module (gen_ff.dll) MAKI File Handling Overflow |
Oval
| accepted | 2014-04-07T04:01:59.123-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:15683 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2012-07-20T09:18:28.692-04:00 | ||||||||||||
| title | Vulnerability in Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 | ||||||||||||
| version | 8 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/116403/winamp_maki_bof.rb.txt |
| id | PACKETSTORM:116403 |
| last seen | 2016-12-05 |
| published | 2012-09-11 |
| reporter | juan vazquez |
| source | https://packetstormsecurity.com/files/116403/Winamp-MAKI-Buffer-Overflow.html |
| title | Winamp MAKI Buffer Overflow |
References
- http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html
- http://www.securityfocus.com/bid/35052
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50664
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15683
- https://www.exploit-db.com/exploits/8767
- https://www.exploit-db.com/exploits/8770
- https://www.exploit-db.com/exploits/8772
- https://www.exploit-db.com/exploits/8783