Vulnerability Details : CVE-2011-4857
Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party information.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2011-4857
Probability of exploitation activity in the next 30 days: 4.99%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-4857
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2011-4857
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4857
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/72054
Nullsoft Winamp IT buffer overflow CVE-2011-4857 Vulnerability Report
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15351
Repository / Oval Repository
-
http://forums.winamp.com/showthread.php?t=332010
Winamp 5.623 Released - Winamp & Shoutcast Forums
Products affected by CVE-2011-4857
- cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.58:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.57:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.581:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.6:*:*:*:*:*:*:*