Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3137 — Winamp vulnerability

4 documents3 sources

Severity

9.3CRITICALNVD

EPSS

4.2%

top 11.25%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Nullsoft Winamp

Timeline

PublishedAug 26

Latest updateMay 17

Description

Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDnullsoft/winamp5.581

🔴Vulnerability Details

GHSA

GHSA-qq55-w39c-pxf8: Untrusted search path vulnerability in Nullsoft Winamp 5↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

NullSoft Winamp 5.581 - 'wnaspi32.dll' DLL Hijacking↗2010-08-25

▶

Exploit-DB

Pre Classified Listings - SQL Injection↗2010-02-27

▶