CVE-2008-3441
Published: 2008-08-01
Priority: P3 · 36 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 2.53% (83.0th percentile)
Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nullsoft | winamp | < 5.24 | 5.24 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html
http://securitytracker.com/id?1020582
http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf
http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15225