AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero)

2007.04.12
Credit: Piotr Bania
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-Other


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero) by Piotr Bania <bania.piotr (at) gmail (dot) com [email concealed]> http://www.piotrbania.com Severity: Critical - Possible remote code execution. Software affected: Tested on AOL Nullsoft Winamp v5.33 (x86) Feb 13 2007 (on Windows XP SP1/SP2). There exist a large possiblity that any other software that is using the LIBSNDFILE.DLL component should be considered as vulnerable. Orginal url: http://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt best regards, pb -- -------------------------------------------------------------------- Piotr Bania - <bania.piotr (at) gmail (dot) com [email concealed]> - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33 http://www.piotrbania.com - Key ID: 0xBE43AC33 -------------------------------------------------------------------- - "The more I learn about men, the more I love dogs."


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top