Published: 27/10/2006 Updated: 11/10/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Multiple heap-based buffer overflows in AOL Nullsoft WinAmp prior to 5.31 allow user-assisted remote malicious users to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nullsoft winamp 5.24
nullsoft winamp 5.3

/************************************************************************************ Nullsoft Winamp < 531 Ultravox "Ultravox-Max-Msg" Heap Overflow Dos POC by cocoruder(frankruder_at_hotmailcom),2006/10/30 use like "winamp_unsvexe ultravox-max-msg_value",then the winamp_unsv(simple ultravox server) will listen on tcp port 80,when winamp ...

NVD-CWE-Other http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=432 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=431 http://www.winamp.com/player/version_history.php#5.31 http://www.securityfocus.com/bid/20744 http://securitytracker.com/id?1017119 http://securitytracker.com/id?1017120 http://secunia.com/advisories/22580 http://www.kb.cert.org/vuls/id/449092 http://www.vupen.com/english/advisories/2006/4196 https://exchange.xforce.ibmcloud.com/vulnerabilities/29807 https://exchange.xforce.ibmcloud.com/vulnerabilities/29804 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15686 https://nvd.nist.gov https://www.exploit-db.com/exploits/2708/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-5567

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect