NASLDB: Winamp < 5.552 Modern Skins Support Module (gen_ff.dll) MAKI File Handling Overflow
General
ID: 38858
Name: Winamp < 5.552 Modern Skins Support Module (gen_ff.dll) MAKI File Handling Overflow
Summary: Checks the version number of Winamp
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:ND
Port: –
Family: Windows
Type: Local
Description
The remote host is running Winamp, a media player for Windows.
The version of Winamp installed on the remote host is earlier than
5.552. Such versions are reportedly affected by an integer overflow
vulnerability when processing ‘.maki’ files. An attacker
could exploit this to execute arbitrary code in the context of the
affected application.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2009-1831
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2009/05/22
Plugin
Version: 1.11
Filename: winamp_5552.nasl
Filesize: 3100 bytes
MD5 Hash: 6c86336fae985eae98381d36d6773a6e
Identification: SMB/Winamp/Version
Require Keys: SMB/Winamp/Version
Dependencies: "winamp_in_cdda_buffer_overflow.nasl"
Copyright: This script is Copyright© 2009-2012 Tenable Network Security, Inc.
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack