CVE-2010-3137
NullSoft Winamp 5.581 - 'wnaspi32.dll' DLL Hijacking
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file.
Vulnerabilidad de ruta de búsqueda no confiable en Nullsoft Winamp v5.581 y probablemente en otras versiones, permiten a usuarios locales y posiblemente a atacantes remotos, ejecutar código de su elección y llevar a cabo ataques de secuestro de DLL a través de un troyano wnaspi32.dll que se encuentra en la misma carpeta como un archivo .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf o .cda
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-08-25 First Exploit
- 2010-08-26 CVE Reserved
- 2010-08-26 CVE Published
- 2024-01-22 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/41093 | Third Party Advisory | |
| http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf | X_refsource_misc | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6874 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/14789 | 2010-08-25 | |
| http://www.exploit-db.com/exploits/14789 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|