Vulnerabilities > CVE-2010-3137 - Unspecified vulnerability in Nullsoft Winamp 5.581
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Nullsoft Winamp 5.581 DLL Hijacking Exploit (wnaspi32.dll). CVE-2010-3137. Local exploit for windows platform |
| file | exploits/windows/local/14789.c |
| id | EDB-ID:14789 |
| last seen | 2016-02-01 |
| modified | 2010-08-25 |
| platform | windows |
| port | |
| published | 2010-08-25 |
| reporter | LiquidWorm |
| source | https://www.exploit-db.com/download/14789/ |
| title | Nullsoft Winamp 5.581 - DLL Hijacking Exploit wnaspi32.dll |
| type | local |
Nessus
| NASL family | Windows |
| NASL id | WINAMP_559_3033.NASL |
| description | The remote host is running Winamp, a media player for Windows. The version of Winamp installed on the remote host is earlier than 5.59 build 3033. Such versions are potentially affected by multiple vulnerabilities : - Winamp loads libraries in an insecure manner. (CVE-2010-3137) - An integer overflow vulnerability exists in the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 50379 |
| published | 2010-10-28 |
| reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/50379 |
| title | Winamp < 5.59 build 3033 Multiple Vulnerabilities |
Oval
| accepted | 2014-09-29T04:00:26.867-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:6874 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-09-23T15:14:45 | ||||||||||||
| title | Untrusted search path vulnerability in Nullsoft Winamp 5.581 and probably other versions | ||||||||||||
| version | 8 |
References
- http://secunia.com/advisories/41093
- http://secunia.com/advisories/41093
- http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf
- http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf
- http://www.exploit-db.com/exploits/14789
- http://www.exploit-db.com/exploits/14789
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6874
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6874