Vulnerability CVE-2010-2586 - CERT Civis.Net

Vulnerability Name:

CVE-2010-2586 (CCN-63503)

Assigned:

2010-11-30

Published:

2010-11-30

Updated:

2018-10-10

Summary:

Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-2586

Source: MITRE
Type: CNA
CVE-2010-4372

Source: CONFIRM
Type: UNKNOWN
http://forums.winamp.com/showthread.php?t=324322

Source: CONFIRM
Type: UNKNOWN
http://forums.winamp.com/showthread.php?threadid=159785

Source: CCN
Type: SA42004
Winamp Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
42004

Source: CCN
Type: Secunia Research 30/11/2010
Winamp NSV Table of Contents Parsing Integer Overflow

Source: MISC
Type: Vendor Advisory
http://secunia.com/secunia_research/2010-127/

Source: CCN
Type: OSVDB ID: 69534
Winamp in_nsv.dll NSV Table of Contents Data Overflow

Source: CCN
Type: OSVDB ID: 69597
Winamp in_nsv Plugin NSV Metadata Memory Allocation Overflow

Source: BUGTRAQ
Type: UNKNOWN
20101201 Secunia Research: Winamp NSV Table of Contents Parsing Integer Overflow

Source: CCN
Type: BID-45097
Winamp Prior to 5.6 Multiple Vulnerabilities

Source: CCN
Type: Winamp Web site
Winamp Media Player - MP3, Video, and Music Player - Winamp

Source: XF
Type: UNKNOWN
winamp-innsv-bo(63503)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:12587

Vulnerable Configuration:

Configuration 1:

cpe:/a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:0.92:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:1.006:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:1.90:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:2.0:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:2.6:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:2.9:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:2.10:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:2.91:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:2.92:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:2.95:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.0:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.01:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.02:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.2:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.03:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.3:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.04:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.05:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.5:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.06:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.07:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.09:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.11:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.12:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.13:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.21:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.22:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.23:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.24:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.31:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.32:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.33:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.34:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.35:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.51:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.52:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.53:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.54:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.55:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.56:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.58:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.091:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.093:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.094:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.111:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.112:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.531:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.541:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.551:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.552:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.572:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:*:*:*:*:*:*:*:* (Version <= 5.581)

Configuration CCN 1:

cpe:/a:nullsoft:winamp:5.581:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:12587	V	Multiple integer overflow vulnerabilities in the in_nsv plugin in Winamp before 5.6	2012-08-13