Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2013-4694 | First vendor Publication | 2014-04-16 |
Vendor | Cve | Last vendor Modification | 2017-08-29 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4694 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:26031 | |||
Oval ID: | oval:org.mitre.oval:def:26031 | ||
Title: | Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 | ||
Description: | Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-4694 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Winamp |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2013-07-02 | WinAmp 5.63 - Stack-based Buffer Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-09 | Name : The remote Windows host contains a multimedia application that is affected by... File : winamp_564.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-05 01:13:25 |
|
2021-05-04 12:27:30 |
|
2021-04-22 01:33:18 |
|
2020-05-24 01:12:10 |
|
2020-05-23 00:38:09 |
|
2017-08-29 09:24:19 |
|
2016-06-28 19:40:51 |
|
2016-04-26 23:35:36 |
|
2014-05-20 09:20:48 |
|
2014-05-07 21:24:37 |
|
2014-04-18 13:26:16 |
|
2014-04-17 13:25:57 |
|