CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4392
https://notcve.org/view.php?id=CVE-2007-4392
Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself. Winamp 5.35 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de pila de programa y caída de la aplicación) mediante un archivo M3U que se incluye a sí mismo recursivamente. • http://morph3us.org/advisories/20070730-winamp-5.35.txt http://securityreason.com/securityalert/3040 http://www.securityfocus.com/archive/1/475161/100/200/threaded http://www.securityfocus.com/archive/1/475183/100/200/threaded http://www.securityfocus.com/archive/1/475260/100/200/threaded http://www.securityfocus.com/archive/1/475489/100/200/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15504 •
CVSS: 9.3EPSS: 10%CPEs: 10EXPL: 2CVE-2007-2498 – Winamp 5.34 - '.mp4' Code Execution
https://notcve.org/view.php?id=CVE-2007-2498
libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information. libmp4v2.dll de Winamp 5.02 hasta 5.34 permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante un fichero .MP4 concreto. NOTA: algunos de estos detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/3823 http://secunia.com/advisories/25089 http://securitytracker.com/id?1017993 http://www.securityfocus.com/bid/23723 http://www.vupen.com/english/advisories/2007/1594 https://exchange.xforce.ibmcloud.com/vulnerabilities/34030 •
CVSS: 7.1EPSS: 1%CPEs: 1EXPL: 2CVE-2007-2180 – Winamp 5.3 - '.wmv' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-2180
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file. Desbordamiento de búfer en Nullsoft Winamp 5.3 permite a atacantes con la intervención del usuario provocar denegación de servicio (caida) a través de ficheros WMV. • https://www.exploit-db.com/exploits/3768 http://securityreason.com/securityalert/2601 http://www.securityfocus.com/archive/1/466291/100/0/threaded http://www.securityfocus.com/bid/23568 https://exchange.xforce.ibmcloud.com/vulnerabilities/33764 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15697 •
CVSS: 9.3EPSS: 23%CPEs: 1EXPL: 0CVE-2007-1922
https://notcve.org/view.php?id=CVE-2007-1922
The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption. Los módulos Impulse Tracker (IT) y ScreamTracker 3 (S3M) en IN_MOD.DLL de AOL Nullsoft Winamp 5.33 permite a atacantes remotos ejecutar código de su elección mediante ficheros artesanales (1) .IT o (2) .S3M que contienen valores de enteros que son usados como delimitadores (offsets) de memoria, lo cual provoca una corrupción de memoria. • http://marc.info/?l=dailydave&m=117589949000906&w=2 http://marc.info/?l=dailydave&m=117590046601511&w=2 http://osvdb.org/34430 http://osvdb.org/34431 http://securityreason.com/securityalert/2532 http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt http://www.securityfocus.com/archive/1/464890/100/0/threaded http://www.securityfocus.com/archive/1/464893/100/0/threade • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 9%CPEs: 1EXPL: 0CVE-2007-1921
https://notcve.org/view.php?id=CVE-2007-1921
LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption. La biblioteca LIBSNDFILE.DLL, tal como es utilizado por AOL Nullsoft Winamp versión 5.33 y posiblemente otros productos, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo .MAT creado que contiene un valor que es usado como un offset, lo que desencadena una corrupción de memoria. • http://marc.info/?l=dailydave&m=117589848432659&w=2 http://osvdb.org/34432 http://secunia.com/advisories/24766 http://securityreason.com/securityalert/2541 http://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt http://www.securityfocus.com/archive/1/464889/100/0/threaded http://www.securityfocus.com/bid/23351 http://www.securitytracker.com/id?1017886 http://www.vupen.com/english/advisories/2007/1286 https://exchange.xforce.ibmcloud.com/vulnerabilities/33481 •