fkie_cve-2007-2498
Vulnerability from fkie_nvd
Published
2007-05-04 00:19
Modified
2024-11-21 00:30
Severity ?
Summary
libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information.
References
cve@mitre.orghttp://secunia.com/advisories/25089Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1017993
cve@mitre.orghttp://www.securityfocus.com/bid/23723Exploit
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/1594
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/34030
cve@mitre.orghttps://www.exploit-db.com/exploits/3823
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25089Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017993
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/23723Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/1594
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/34030
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/3823
Impacted products
Vendor Product Version
nullsoft winamp 5.2
nullsoft winamp 5.3
nullsoft winamp 5.21
nullsoft winamp 5.22
nullsoft winamp 5.23
nullsoft winamp 5.24
nullsoft winamp 5.31
nullsoft winamp 5.32
nullsoft winamp 5.33
nullsoft winamp 5.34


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "libmp4v2.dll de Winamp 5.02 hasta 5.34 permite a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante  un fichero .MP4 concreto.\r\nNOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2007-2498",
  "lastModified": "2024-11-21T00:30:56.197",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-05-04T00:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25089"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017993"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/23723"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1594"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34030"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/3823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017993"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/23723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1594"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/3823"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.