Описание
Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Patch
- US Government Resource
- Patch
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Patch
- US Government Resource
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*
cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.41483
Средний
9.3 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.
EPSS
Процентиль: 97%
0.41483
Средний
9.3 Critical
CVSS2
Дефекты
NVD-CWE-Other