Vulnerability Details : CVE-2012-3890
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.
Vulnerability category: OverflowMemory CorruptionDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-3890
Probability of exploitation activity in the next 30 days: 0.54%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 76 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-3890
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2012-3890
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3890
-
http://forums.winamp.com/showthread.php?t=345684
Winamp 5.63 Released - Winamp & Shoutcast ForumsPatch
-
http://www.securityfocus.com/bid/54131
Winamp AVI / IT File Multiple Memory Corruption Vulnerabilities
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15553
Repository / Oval Repository
Products affected by CVE-2012-3890
- cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.57:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.581:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.61:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.59:beta:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.54:beta:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.55:beta:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.51:beta:*:*:*:*:*:*