| ID |
CVE-2007-1921
|
| Summary |
LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption. To exploit this issue, an attacker must entice an unsuspecting user to use the affected application to open a specially crafted file. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 9.3 (as of 16-10-2018 - 16:41) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bid | 23351 | | bugtraq | 20070406 AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero) | | misc | http://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt | | mlist | [dailydave] 20070406 AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero) | | osvdb | 34432 | | sectrack | 1017886 | | secunia | 24766 | | sreason | 2541 | | vupen | ADV-2007-1286 | | xf | winamp-libsndfile-code-execution(33481) |
|
| Last major update |
16-10-2018 - 16:41 |
| Published |
10-04-2007 - 23:19 |
| Last modified |
16-10-2018 - 16:41 |
