| Vulnerability Name: | CVE-2007-2498 (CCN-34030) | ||||||||
| Assigned: | 2007-04-30 | ||||||||
| Published: | 2007-04-30 | ||||||||
| Updated: | 2017-10-11 | ||||||||
| Summary: | libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. Note: some of these details are obtained from third party information. | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 8.4 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:UR)
4.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-2498 Source: CCN Type: SA25089 Winamp MP4 File Handling Memory Corruption Vulnerability Source: SECUNIA Type: Vendor Advisory 25089 Source: CCN Type: SECTRACK ID: 1017993 Winamp MP4 Bug Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1017993 Source: CCN Type: OSVDB ID: 34433 Winamp MP4 File Handling Memory Corruption Source: CCN Type: OSVDB ID: 41695 Winamp MP4 File Crafted Unicode Handling Overflow Source: BID Type: Exploit 23723 Source: CCN Type: BID-23723 Winamp MP4 File Parsing Buffer Overflow Vulnerability Source: VUPEN Type: UNKNOWN ADV-2007-1594 Source: CCN Type: Nullsoft Winamp Web site Winamp Media Player MP3 Player, Free MP3 Music, Videos, SHOUTcast Radio, Winamp Skins and Plug-ins, Sync your iPod, Get Mobile Music Source: XF Type: UNKNOWN winamp-mp4-code-execution(34030) Source: XF Type: UNKNOWN winamp-mp4-code-execution(34030) Source: EXPLOIT-DB Type: UNKNOWN 3823 | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||