Executive Summary

Informations
Name CVE-2010-1523 First vendor Publication 2010-11-05
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1523

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12056
 
Oval ID: oval:org.mitre.oval:def:12056
Title: Multiple heap-based buffer overflow vulnerability in vp6.w5s (aka the VP6 codec) in Winamp earlier versions 5.59 Beta build 3033
Description: Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1523
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Winamp
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 108

OpenVAS Exploits

Date Description
2010-11-16 Name : Winamp VP6 Content Parsing Buffer Overflow Vulnerability
File : nvt/gb_winamp_vp6_codec_bof_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
69206 Winamp vp6.w5s Crafted VP6 File / Stream Handling Overflow

Winamp is prone to an overflow condition. The vp6.w5s codec fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted V6 video stream or file, a context-dependent attacker can potentially execute arbitrary code.

Nessus® Vulnerability Scanner

Date Description
2010-10-28 Name : The remote Windows host contains a multimedia application that is affected by...
File : winamp_559_3033.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://forums.winamp.com/showthread.php?t=322995
http://secunia.com/secunia_research/2010-95/
http://www.securityfocus.com/archive/1/514484/100/0/threaded
http://www.securityfocus.com/bid/44466
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
Date Informations
2024-11-28 23:07:02
  • Multiple Updates
2024-11-28 12:21:47
  • Multiple Updates
2021-05-05 01:06:56
  • Multiple Updates
2021-05-04 12:11:29
  • Multiple Updates
2021-04-22 01:12:05
  • Multiple Updates
2020-05-23 01:42:00
  • Multiple Updates
2020-05-23 00:25:41
  • Multiple Updates
2018-10-11 00:19:51
  • Multiple Updates
2017-09-19 09:23:45
  • Multiple Updates
2016-04-26 19:45:44
  • Multiple Updates
2014-02-17 10:55:01
  • Multiple Updates
2013-05-10 23:23:24
  • Multiple Updates