CVE-2009-1831

The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
nullsoftwinamp
𝑥
≤ 5.55
nullsoftwinamp
2.0
nullsoftwinamp
2.4
nullsoftwinamp
2.5e:e
nullsoftwinamp
2.6x:x
nullsoftwinamp
2.7x:x
nullsoftwinamp
2.10
nullsoftwinamp
2.24
nullsoftwinamp
2.50
nullsoftwinamp
2.60
nullsoftwinamp
2.60
nullsoftwinamp
2.60
nullsoftwinamp
2.61
nullsoftwinamp
2.61
nullsoftwinamp
2.62
nullsoftwinamp
2.62
nullsoftwinamp
2.64
nullsoftwinamp
2.64
nullsoftwinamp
2.65
nullsoftwinamp
2.70
nullsoftwinamp
2.70
nullsoftwinamp
2.71
nullsoftwinamp
2.72
nullsoftwinamp
2.73
nullsoftwinamp
2.73
nullsoftwinamp
2.74
nullsoftwinamp
2.75
nullsoftwinamp
2.76
nullsoftwinamp
2.77
nullsoftwinamp
2.78
nullsoftwinamp
2.79
nullsoftwinamp
2.80
nullsoftwinamp
2.81
nullsoftwinamp
2.90
nullsoftwinamp
2.91
nullsoftwinamp
2.95
nullsoftwinamp
3.0
nullsoftwinamp
3.1
nullsoftwinamp
5.0
nullsoftwinamp
5.0.1
nullsoftwinamp
5.0.2
nullsoftwinamp
5.01
nullsoftwinamp
5.1
nullsoftwinamp
5.02
nullsoftwinamp
5.2
nullsoftwinamp
5.3
nullsoftwinamp
5.03
nullsoftwinamp
5.03a:a
nullsoftwinamp
5.04
nullsoftwinamp
5.05
nullsoftwinamp
5.5
nullsoftwinamp
5.06
nullsoftwinamp
5.07
nullsoftwinamp
5.08
nullsoftwinamp
5.08:c
nullsoftwinamp
5.08:d
nullsoftwinamp
5.08:e
nullsoftwinamp
5.08c:c
nullsoftwinamp
5.08d:d
nullsoftwinamp
5.08e:e
nullsoftwinamp
5.09
nullsoftwinamp
5.11
nullsoftwinamp
5.12
nullsoftwinamp
5.13
nullsoftwinamp
5.21
nullsoftwinamp
5.22
nullsoftwinamp
5.23
nullsoftwinamp
5.24
nullsoftwinamp
5.31
nullsoftwinamp
5.32
nullsoftwinamp
5.33
nullsoftwinamp
5.34
nullsoftwinamp
5.35
nullsoftwinamp
5.36
nullsoftwinamp
5.51
nullsoftwinamp
5.52
nullsoftwinamp
5.53
nullsoftwinamp
5.54
nullsoftwinamp
5.091
nullsoftwinamp
5.093
nullsoftwinamp
5.094
nullsoftwinamp
5.111
nullsoftwinamp
5.112
nullsoftwinamp
5.541
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html
http://www.securityfocus.com/bid/35052
https://exchange.xforce.ibmcloud.com/vulnerabilities/50664
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15683
https://www.exploit-db.com/exploits/8767
https://www.exploit-db.com/exploits/8770
https://www.exploit-db.com/exploits/8772
https://www.exploit-db.com/exploits/8783
http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html
http://www.securityfocus.com/bid/35052
https://exchange.xforce.ibmcloud.com/vulnerabilities/50664
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15683
https://www.exploit-db.com/exploits/8767
https://www.exploit-db.com/exploits/8770
https://www.exploit-db.com/exploits/8772
https://www.exploit-db.com/exploits/8783