Input validation error in Nullsoft Winamp



| Updated: 2020-08-08
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2013-4695
CWE-ID CWE-20
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
 Winamp
Client/Desktop applications / Multimedia software

Vendor Nullsoft

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Input validation error

EUVDB-ID: #VU34936

Risk: High

CVSSv4.0: 7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2013-4695

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution

Mitigation

Install update from vendor's website.

Vulnerable software versions

Winamp: 5.63

CPE2.3 External links

https://www.exploit-db.com/exploits/26557
https://www.securitytracker.com/id/1030107


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###