CVSS: 4.3EPSS: 1%CPEs: 55EXPL: 3CVE-2014-3442 – Winamp - '.flv' File Processing Memory Corruption
https://notcve.org/view.php?id=CVE-2014-3442
Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s. Winamp 5.666 y anteriores permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída) a través de un archivo .FLV malformado, relacionado con f263.w5s. WinAMP versions 5.666 build 3516 and below suffer from a memory corruption vulnerability. • https://www.exploit-db.com/exploits/39180 http://packetstormsecurity.com/files/126636 http://www.securityfocus.com/bid/67429 https://exchange.xforce.ibmcloud.com/vulnerabilities/93173 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 17%CPEs: 66EXPL: 8CVE-2013-4694 – Winamp 5.63 - Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-4694
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk. Desbordamiento de buffer basado en pila en gen_jumpex.dll en Winamp anterior a 5.64 Build 3418 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un paquete con un nombre de directorio Skin largo. NOTA: un segundo desbordamiento de buffer involucrando un campo de búsqueda GUI largo hacia ml_local.dll fue también reportado. • https://www.exploit-db.com/exploits/26558 https://www.exploit-db.com/exploits/27874 http://forums.winamp.com/showthread.php?t=364291 http://osvdb.org/94739 http://osvdb.org/94740 http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.html http://packetstormsecurity.com/files/122978 http://seclists.org/fulldisclosure/2013/Jul/4 http://www.exploit-db.com/exploits/26558 http://www.securityfocus.com/bid/60883 http://www.securitytracker.com/id/1030107 https:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 62EXPL: 0CVE-2012-3890
https://notcve.org/view.php?id=CVE-2012-3890
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file. El plug-in in_mod en Winamp antes de v5.63 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria dinamica 'heap') o posiblemente tener un impacto no especificado a través de un fichero .IT. • http://forums.winamp.com/showthread.php?t=345684 http://secunia.com/advisories/46624 http://www.securityfocus.com/bid/54131 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15553 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 62EXPL: 0CVE-2012-3889
https://notcve.org/view.php?id=CVE-2012-3889
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file. El plug-in in_mod de Winamp antes de v5.63 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un fichero .IT. • http://forums.winamp.com/showthread.php?t=345684 http://secunia.com/advisories/46624 http://www.securityfocus.com/bid/54131 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14748 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 60EXPL: 0CVE-2011-4857
https://notcve.org/view.php?id=CVE-2011-4857
Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party information. Desbordamiento de buffer de memoria dinámica en el complemento in_mod.dll de Winamp en versiones anteriores a la 5.623 permite a atacantes remotos ejecutar código arbitrario a través de datos de canciones modificados de un archivo Impulse Tracker (IT). NOTA: algunos de estos detalles han sido obtenidos de información de terceras partes. • http://forums.winamp.com/showthread.php?t=332010 http://secunia.com/advisories/46882 https://exchange.xforce.ibmcloud.com/vulnerabilities/72054 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15351 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •