[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

252212

 
 

909

 
 

196748

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-5567Date: (C)2006-10-27   (M)2023-12-22


Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1017119
SECTRACK-1017120
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=432
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=431
BID-20744
SECUNIA-22580
ADV-2006-4196
VU#449092
http://www.winamp.com/player/version_history.php#5.31
winamp-lyrics3-bo(29807)
winamp-ultravox-bo(29804)

CPE    2
cpe:/a:nullsoft:winamp:5.3
cpe:/a:nullsoft:winamp:5.24

© SecPod Technologies