Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1831 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

CWE-1898 documents4 sources

Severity

9.3CRITICALNVD

EPSS

81.2%

top 0.83%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Nullsoft Winamp

Timeline

PublishedMay 29

Latest updateMay 2

Description

The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDnullsoft/winamp5.55+73

🔴Vulnerability Details

GHSA

GHSA-3hhm-c9rq-5x5x: The Nullsoft Modern Skins Support module (gen_ff↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

Winamp - MAKI Buffer Overflow (Metasploit)↗2012-09-12

▶

Exploit-DB

Winamp 5.551 - MAKI Parsing Integer Overflow↗2009-05-26

▶

Exploit-DB

Winamp 5.551 - MAKI Parsing Integer Overflow (PoC)↗2009-05-22

▶

Exploit-DB

Winamp 5.55 - MAKI script Universal Integer Overflow↗2009-05-22

▶

Exploit-DB

Winamp 5.55 - MAKI Script Universal Overwrite (SEH)↗2009-05-22

▶