Vulnerability CVE-2013-4694 - CERT Civis.Net

Vulnerability Name:

CVE-2013-4694 (CCN-85399)

Assigned:

2013-07-01

Published:

2013-07-01

Updated:

2017-08-29

Summary:

Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name.
Note: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2013-4694

Source: CONFIRM
Type: Patch, Vendor Advisory
http://forums.winamp.com/showthread.php?t=364291

Source: OSVDB
Type: UNKNOWN
94739

Source: OSVDB
Type: UNKNOWN
94740

Source: MISC
Type: Exploit
http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.html

Source: MISC
Type: Exploit
http://packetstormsecurity.com/files/122978

Source: CCN
Type: Full-Disclosure Mailing List, Mon, 01 Jul 2013 19:53:12 +0200
[CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows

Source: FULLDISC
Type: Exploit
20130701 [CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows

Source: EXPLOIT-DB
Type: Exploit
26558

Source: BID
Type: Exploit
60883

Source: CCN
Type: BID-60883
Winamp CVE-2013-4694 Multiple Stack Buffer Overflow Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1030107

Source: CCN
Type: Winamp Web site
Winamp Media Player - MP3, Video, and Music Player - Winamp

Source: XF
Type: UNKNOWN
winamp-cve20134694-bo(85399)

Source: XF
Type: UNKNOWN
winamp-cve20134694-bo(85399)

Source: CCN
Type: Packet Storm Security [7-01-2013]
WinAmp 5.63 Buffer Overflow

Source: CCN
Type: Packet Storm Security [08-27-2013]
WinAmp 5.63 Buffer Overflow

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [07-02-2013]

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [08-26-2013]

Source: MISC
Type: Exploit
https://www.rcesecurity.com/2013/07/winamp-v5-64-fixes-several-code-execution-vulnerabilities-cve-2013-4694-cve-2013-4695

Vulnerable Configuration:

Configuration 1:

cpe:/a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:0.92:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:1.006:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:1.90:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:2.0:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:2.6:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:2.9:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:2.10:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:2.91:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:2.92:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:2.95:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.0:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.01:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.02:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.2:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.03:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.3:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.04:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.05:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.5:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.06:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.07:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.09:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.11:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.12:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.13:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.21:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.22:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.23:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.24:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.31:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.32:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.33:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.34:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.35:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.36:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.51:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.51:beta:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.52:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.53:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.54:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.54:beta:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.55:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.55:beta:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.56:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.57:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.58:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.59:beta:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.61:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:*:*:*:*:*:*:*:* (Version <= 5.63)

OR cpe:/a:nullsoft:winamp:5.091:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.093:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.094:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.111:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.112:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.531:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.541:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.551:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.552:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.572:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.581:*:*:*:*:*:*:*

OR cpe:/a:nullsoft:winamp:5.623:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:nullsoft:winamp:5.63:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:26031	V	Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418	2014-10-20