Vulnerabilities > CVE-2010-2586 - Numeric Errors vulnerability in Nullsoft Winamp

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

nullsoft

CWE-189

critical

nessus

NVD

Published: 2010-12-02

Updated: 2018-10-10

Summary

Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow.

Vulnerable Configurations

Part	Description	Count
Application	Nullsoft Nullsoft Winamp 0.20A Nullsoft Winamp 0.92 Nullsoft Winamp 1.006 Nullsoft Winamp 1.90 Nullsoft Winamp 2.0 Nullsoft Winamp 2.6 Nullsoft Winamp 2.9 Nullsoft Winamp 2.10 Nullsoft Winamp 2.91 Nullsoft Winamp 2.92 Nullsoft Winamp 2.95 Nullsoft Winamp 5.0 Nullsoft Winamp 5.01 Nullsoft Winamp 5.1 Nullsoft Winamp 5.02 Nullsoft Winamp 5.2 Nullsoft Winamp 5.03 Nullsoft Winamp 5.3 Nullsoft Winamp 5.04 Nullsoft Winamp 5.05 Nullsoft Winamp 5.5 Nullsoft Winamp 5.06 Nullsoft Winamp 5.07 Nullsoft Winamp 5.08C Nullsoft Winamp 5.08D Nullsoft Winamp 5.08E Nullsoft Winamp 5.09 Nullsoft Winamp 5.11 Nullsoft Winamp 5.12 Nullsoft Winamp 5.13 Nullsoft Winamp 5.21 Nullsoft Winamp 5.22 Nullsoft Winamp 5.23 Nullsoft Winamp 5.24 Nullsoft Winamp 5.31 Nullsoft Winamp 5.32 Nullsoft Winamp 5.33 Nullsoft Winamp 5.34 Nullsoft Winamp 5.35 Nullsoft Winamp 5.51 Nullsoft Winamp 5.52 Nullsoft Winamp 5.53 Nullsoft Winamp 5.54 Nullsoft Winamp 5.55 Nullsoft Winamp 5.56 Nullsoft Winamp 5.58 Nullsoft Winamp 5.091 Nullsoft Winamp 5.093 Nullsoft Winamp 5.094 Nullsoft Winamp 5.111 Nullsoft Winamp 5.112 Nullsoft Winamp 5.531 Nullsoft Winamp 5.541 Nullsoft Winamp 5.551 Nullsoft Winamp 5.552 Nullsoft Winamp 5.572 Nullsoft Winamp 5.36 Nullsoft Winamp 5.57 Nullsoft Winamp 5.59 Nullsoft Winamp 5.61 Nullsoft Winamp 5.63 Nullsoft Winamp 5.581	65

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	Windows
NASL id	WINAMP_56.NASL
description	The remote host is running Winamp, a media player for Windows. The version of Winamp installed on the remote host is earlier than 5.6. Such versions are potentially affected by the following vulnerabilities : - An integer overflow vulnerability exists in the
last seen	2020-06-01
modified	2020-06-02
plugin id	50846
published	2010-11-30
reporter	This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/50846
title	Winamp < 5.6 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(50846); script_version("1.15"); script_cvs_date("Date: 2018/11/15 20:50:29"); script_cve_id( "CVE-2010-2586", "CVE-2010-4370", "CVE-2010-4371", "CVE-2010-4372", "CVE-2010-4373", "CVE-2010-4374" ); script_bugtraq_id(45097); script_xref(name:"Secunia", value:"42004"); script_name(english:"Winamp < 5.6 Multiple Vulnerabilities"); script_summary(english:"Checks the version number of Winamp"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a multimedia application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running Winamp, a media player for Windows. The version of Winamp installed on the remote host is earlier than 5.6. Such versions are potentially affected by the following vulnerabilities : - An integer overflow vulnerability exists in the 'in_nsv.dll' plugin when parsing the table of contents of a NullSoft Video (NSV) stream or file. (CVE-2010-2586) - A heap-based buffer overflow vulnerability exists in the 'in_midi.dll' plugin when parsing MIDI content. (CVE-2010-4370) - A buffer overflow vulnerability exists in the 'in_mod' plugin and is related to the comment box. (CVE-2010-4371) - Another integer overflow vulnerability exists in the 'in_nsv' plugin due to improper memory allocation for Nullsoft Video (NSV) metadata. (CVE-2010-4372) - An error exists in the 'in_mp4' plugin which allows remote attackers to use either crafted metadata or album art in an MP4 file to cause a denial of service. (CVE-2010-4373) - An error exists in the 'in_mkv' plugin which allows remote attackers to use a crafted Matroska Video (MKV) file to cause a denial of service. (CVE-2010-4374)" ); script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/secunia_research/2010-127/"); script_set_attribute(attribute:"see_also", value:"http://forums.winamp.com/showthread.php?threadid=159785"); script_set_attribute(attribute:"see_also", value:"http://forums.winamp.com/showthread.php?t=324322"); script_set_attribute(attribute:"solution", value:"Upgrade to Winamp 5.6 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/30"); script_set_attribute(attribute:"patch_publication_date", value:"2010/11/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/30"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:nullsoft:winamp"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("winamp_in_cdda_buffer_overflow.nasl"); script_require_keys("SMB/Winamp/Version"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("SMB/Winamp/Version"); fixed_version = '5.6'; if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1) { if (report_verbosity > 0) { path = get_kb_item("SMB/Winamp/Path"); if (isnull(path)) path = 'n/a'; report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); exit(0); } else exit(0, "The remote host is not affected since Winamp " + version + " is installed.");

Oval

accepted

2012-08-13T04:00:06.330-04:00

class

vulnerability

contributors

name SecPod Team
organization SecPod Technologies
name Shane Shaffer
organization G2, Inc.
name Shane Shaffer
organization G2, Inc.

definition_extensions

comment	Winamp is installed
oval	oval:org.mitre.oval:def:6897

description

family

windows

oval:org.mitre.oval:def:12587

status

accepted

submitted

2011-03-18T13:47:07

title

Multiple integer overflow vulnerabilities in the in_nsv plugin in Winamp before 5.6

version

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Oval

References