PT-2017-11447 · Nullsoft · Winamp

Published

2017-07-05

Updated

2017-07-21

CVE-2017-10726

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Winamp version 5.666 Build 3516

Description The issue allows attackers to execute arbitrary code or cause a denial of service via a crafted .flv file. It is related to the use of data from a faulting address as a return value.

Recommendations For Winamp version 5.666 Build 3516, avoid using the software to play .flv files until a fix is available. As a temporary workaround, consider disabling the playback of .flv files to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2017-10726

Affected Products

Winamp

PT-2017-11447 · Nullsoft · Winamp

CVE-2017-10726

Weakness Enumeration

Related Identifiers

Affected Products

References · 3