The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Nullsoft Winamp 5.03a (not an official CPE)
Nullsoft Winamp 5.12
Nullsoft Winamp 2.73 Full (not an official CPE)
Nullsoft Winamp 5.13
Nullsoft Winamp 5.54
Nullsoft Winamp 2.90 (not an official CPE)
Nullsoft Winamp 5.55
Nullsoft Winamp 5.11
Nullsoft Winamp 5.091
Nullsoft Winamp 2.91
Nullsoft Winamp 2.50 (not an official CPE)
Nullsoft Winamp 2.70 Full (not an official CPE)
Nullsoft Winamp 2.4 (not an official CPE)
Nullsoft Winamp 2.60 Full (not an official CPE)
Nullsoft Winamp 2.61 Full (not an official CPE)
Nullsoft Winamp 2.62 (not an official CPE)
Nullsoft Winamp 2.65 (not an official CPE)
Nullsoft Winamp 2.64 (not an official CPE)
Nullsoft Winamp 5.05
Nullsoft Winamp 5.06
Nullsoft Winamp 5.03
Nullsoft Winamp 2.24 (not an official CPE)
Nullsoft Winamp 5.04
Nullsoft Winamp 5.01
Nullsoft Winamp 5.02
Nullsoft Winamp 2.61 (not an official CPE)
Nullsoft Winamp 2.60 (not an official CPE)
Nullsoft Winamp 5.09
Nullsoft Winamp 5.111
Nullsoft Winamp 5.07
Nullsoft Winamp 5.08 (not an official CPE)
Nullsoft Winamp 5.112
Nullsoft Winamp 3.0 (not an official CPE)
Nullsoft Winamp 2.60 Lite (not an official CPE)
Nullsoft Winamp 5.31
Nullsoft Winamp 2.74 (not an official CPE)
Nullsoft Winamp 2.73 (not an official CPE)
Nullsoft Winamp 2.76 (not an official CPE)
Nullsoft Winamp 2.75 (not an official CPE)
Nullsoft Winamp 2.78 (not an official CPE)
Nullsoft Winamp 3.1 (not an official CPE)
Nullsoft Winamp 2.77 (not an official CPE)
Nullsoft Winamp 5.0
Nullsoft Winamp 5.36
Nullsoft Winamp 2.79 (not an official CPE)
Nullsoft Winamp 5.34
Nullsoft Winamp 5.35
Nullsoft Winamp 5.32
Nullsoft Winamp 5.33
Nullsoft Winamp 2.70 (not an official CPE)
Nullsoft Winamp 5.5
Nullsoft Winamp 2.72 (not an official CPE)
Nullsoft Winamp 2.71 (not an official CPE)
Nullsoft Winamp 5.3
Nullsoft Winamp 5.0.1 (not an official CPE)
Nullsoft Winamp 5.0.2 (not an official CPE)
Nullsoft Winamp 5.1 (not an official CPE)
Nullsoft Winamp 5.2
Nullsoft Winamp 5.541
Nullsoft Winamp 2.5e (not an official CPE)
Nullsoft Winamp 5.094
Nullsoft Winamp 5.093
Nullsoft Winamp 5.08e
Nullsoft Winamp 2.6x (not an official CPE)
Nullsoft Winamp 5.23
Nullsoft Winamp 5.08c
Nullsoft Winamp 5.24
Nullsoft Winamp 5.08d
Nullsoft Winamp 5.21
Nullsoft Winamp 5.22
Nullsoft Winamp 2.62 Standard (not an official CPE)
Nullsoft Winamp 2.81 (not an official CPE)
Nullsoft Winamp 2.80 (not an official CPE)
Nullsoft Winamp 5.08 E (not an official CPE)
Nullsoft Winamp 2.64 Standard (not an official CPE)
Nullsoft Winamp 5.08 D (not an official CPE)
Nullsoft Winamp 5.08 C (not an official CPE)
Nullsoft Winamp 2.7x (not an official CPE)
Nullsoft Winamp 2.10
Nullsoft Winamp 2.95
Nullsoft Winamp 5.51
Nullsoft Winamp 5.53
Nullsoft Winamp 5.52
Nullsoft Winamp 2.0
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| 8783 | |||
| 8772 | |||
| 8770 | |||
| 8767 | |||
| winamp-maki-overflow(50664) | |||
| 35052 | |||
| http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-p... |