CVE-2011-3834

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.

Múltiples desbordamientos de entero en el componente in_avi.dll de Winamp en versiones anteriores de 5.623. Permite a atacantes remotos ejecutar código arbitrario a través de un archivo AVI con un valor modificado de (1) el número de streams o (2) el tamaño de los conjuntos ("chunk") RIFF INFO, provocando un desbordamiento de memoria dinámica.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-09-26 CVE Reserved
2011-12-12 CVE Published
2024-08-06 CVE Updated
2024-11-13 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-189: Numeric Errors

CAPEC

References (4)

URL	Tag	Source
http://forums.winamp.com/showthread.php?t=332010	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14981	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/46882	2017-09-19
http://secunia.com/secunia_research/2011-81	2017-09-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				<= 5.622 Search vendor "Nullsoft" for product "Winamp" and version " <= 5.622"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				0.20a Search vendor "Nullsoft" for product "Winamp" and version "0.20a"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				0.92 Search vendor "Nullsoft" for product "Winamp" and version "0.92"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				1.006 Search vendor "Nullsoft" for product "Winamp" and version "1.006"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				1.90 Search vendor "Nullsoft" for product "Winamp" and version "1.90"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				2.0 Search vendor "Nullsoft" for product "Winamp" and version "2.0"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				2.6 Search vendor "Nullsoft" for product "Winamp" and version "2.6"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				2.9 Search vendor "Nullsoft" for product "Winamp" and version "2.9"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				2.10 Search vendor "Nullsoft" for product "Winamp" and version "2.10"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				2.91 Search vendor "Nullsoft" for product "Winamp" and version "2.91"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				2.92 Search vendor "Nullsoft" for product "Winamp" and version "2.92"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				2.95 Search vendor "Nullsoft" for product "Winamp" and version "2.95"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.0 Search vendor "Nullsoft" for product "Winamp" and version "5.0"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.01 Search vendor "Nullsoft" for product "Winamp" and version "5.01"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.1 Search vendor "Nullsoft" for product "Winamp" and version "5.1"		surround		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.02 Search vendor "Nullsoft" for product "Winamp" and version "5.02"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.2 Search vendor "Nullsoft" for product "Winamp" and version "5.2"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.3 Search vendor "Nullsoft" for product "Winamp" and version "5.3"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.03 Search vendor "Nullsoft" for product "Winamp" and version "5.03"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.04 Search vendor "Nullsoft" for product "Winamp" and version "5.04"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.05 Search vendor "Nullsoft" for product "Winamp" and version "5.05"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.5 Search vendor "Nullsoft" for product "Winamp" and version "5.5"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.6 Search vendor "Nullsoft" for product "Winamp" and version "5.6"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.06 Search vendor "Nullsoft" for product "Winamp" and version "5.06"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.07 Search vendor "Nullsoft" for product "Winamp" and version "5.07"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.08c Search vendor "Nullsoft" for product "Winamp" and version "5.08c"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.08d Search vendor "Nullsoft" for product "Winamp" and version "5.08d"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.08e Search vendor "Nullsoft" for product "Winamp" and version "5.08e"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.09 Search vendor "Nullsoft" for product "Winamp" and version "5.09"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.11 Search vendor "Nullsoft" for product "Winamp" and version "5.11"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.12 Search vendor "Nullsoft" for product "Winamp" and version "5.12"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.13 Search vendor "Nullsoft" for product "Winamp" and version "5.13"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.21 Search vendor "Nullsoft" for product "Winamp" and version "5.21"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.22 Search vendor "Nullsoft" for product "Winamp" and version "5.22"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.23 Search vendor "Nullsoft" for product "Winamp" and version "5.23"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.24 Search vendor "Nullsoft" for product "Winamp" and version "5.24"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.31 Search vendor "Nullsoft" for product "Winamp" and version "5.31"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.32 Search vendor "Nullsoft" for product "Winamp" and version "5.32"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.33 Search vendor "Nullsoft" for product "Winamp" and version "5.33"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.34 Search vendor "Nullsoft" for product "Winamp" and version "5.34"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.35 Search vendor "Nullsoft" for product "Winamp" and version "5.35"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.51 Search vendor "Nullsoft" for product "Winamp" and version "5.51"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.52 Search vendor "Nullsoft" for product "Winamp" and version "5.52"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.53 Search vendor "Nullsoft" for product "Winamp" and version "5.53"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.54 Search vendor "Nullsoft" for product "Winamp" and version "5.54"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.55 Search vendor "Nullsoft" for product "Winamp" and version "5.55"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.56 Search vendor "Nullsoft" for product "Winamp" and version "5.56"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.57 Search vendor "Nullsoft" for product "Winamp" and version "5.57"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.58 Search vendor "Nullsoft" for product "Winamp" and version "5.58"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.091 Search vendor "Nullsoft" for product "Winamp" and version "5.091"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.093 Search vendor "Nullsoft" for product "Winamp" and version "5.093"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.094 Search vendor "Nullsoft" for product "Winamp" and version "5.094"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.111 Search vendor "Nullsoft" for product "Winamp" and version "5.111"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.112 Search vendor "Nullsoft" for product "Winamp" and version "5.112"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.531 Search vendor "Nullsoft" for product "Winamp" and version "5.531"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.541 Search vendor "Nullsoft" for product "Winamp" and version "5.541"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.551 Search vendor "Nullsoft" for product "Winamp" and version "5.551"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.552 Search vendor "Nullsoft" for product "Winamp" and version "5.552"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.572 Search vendor "Nullsoft" for product "Winamp" and version "5.572"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				5.581 Search vendor "Nullsoft" for product "Winamp" and version "5.581"		-		Affected