Vulnerability Details CVE-2007-1922
The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.149
EPSS Ranking 94.2%
CVSS Severity
CVSS v2 Score 9.3
References
- http://marc.info/?l=dailydave&m=117589949000906&w=2
- http://marc.info/?l=dailydave&m=117590046601511&w=2
- http://osvdb.org/34430
- http://osvdb.org/34431
- http://securityreason.com/securityalert/2532
- http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt
- http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt
- http://www.securityfocus.com/archive/1/464890/100/0/threaded
- http://www.securityfocus.com/archive/1/464893/100/0/threaded
- http://www.securityfocus.com/bid/23350
- http://www.securitytracker.com/id?1017886
- http://www.vupen.com/english/advisories/2007/1286
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33480
- http://marc.info/?l=dailydave&m=117589949000906&w=2
- http://marc.info/?l=dailydave&m=117590046601511&w=2
- http://osvdb.org/34430
- http://osvdb.org/34431
- http://securityreason.com/securityalert/2532
- http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt
- http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt
- http://www.securityfocus.com/archive/1/464890/100/0/threaded
- http://www.securityfocus.com/archive/1/464893/100/0/threaded
- http://www.securityfocus.com/bid/23350
- http://www.securitytracker.com/id?1017886
- http://www.vupen.com/english/advisories/2007/1286
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33480