Vulnerability Name:

CVE-2004-1896 (CCN-15727)

Assigned:2004-04-05
Published:2004-04-05
Updated:2017-07-11
Summary:Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-1896

Source: BUGTRAQ
Type: UNKNOWN
20040405 NGSSoftware Insight Security Research Advisory

Source: CCN
Type: SA11285
Winamp "in_mod.dll" Heap Overflow Vulnerability

Source: SECUNIA
Type: Patch
11285

Source: CCN
Type: SECTRACK ID: 1009660
Winamp Fasttracker 2 File `in_mod.dll` Heap Overflow Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1009660

Source: MISC
Type: Patch
http://www.nextgenss.com/advisories/winampheap.txt

Source: CCN
Type: NGSSoftware Insight Security Research Advisory #NISR05042004
Nullsoft Winamp 'in_mod.dll' Heap Overflow

Source: OSVDB
Type: UNKNOWN
4944

Source: CCN
Type: OSVDB ID: 4944
Winamp Fasttracker 2 Plug-In in_mod.dll Overflow

Source: BID
Type: Patch
10045

Source: CCN
Type: BID-10045
NullSoft Winamp in_mod.dll Plug-in Heap Overflow Vulnerability

Source: CCN
Type: Winamp Web site
WINAMP.COM | Doing our best to keep the spirit of Bam Bam Bigalow alive.

Source: XF
Type: UNKNOWN
winamp-inmod-bo(15727)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:nullsoft:winamp:2.91:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    nullsoft winamp 2.91
    nullsoft winamp 3.0
    nullsoft winamp 3.1
    nullsoft winamp 5.0.1
    nullsoft winamp 5.0.2