CVE-2013-4694
🟡 Monitoruj
Przepełnienie bufora w gen_jumpex.dll w Winamp umożliwia zdalne wywołanie awarii.
CVSS
7.5
EPSS
40.7%
Exploit
poc
Vendor
nullsoft
Opis źródłowy (NVD)
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.
buffer-overflow dos exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 7.5 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 40.7% |
| Opublikowano (NVD) | 2014-04-16 22:55:06 UTC |
| Ostatnia modyfikacja (NVD) | 2026-05-06 22:30:45 UTC |
Referencje
- http://forums.winamp.com/showthread.php?t=364291 (cve@mitre.org) [Patch, Vendor Advisory]
- http://osvdb.org/94739 (cve@mitre.org)
- http://osvdb.org/94740 (cve@mitre.org)
- http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.html (cve@mitre.org) [Exploit]
- http://packetstormsecurity.com/files/122978 (cve@mitre.org) [Exploit]
- http://seclists.org/fulldisclosure/2013/Jul/4 (cve@mitre.org) [Exploit]
- http://www.exploit-db.com/exploits/26558 (cve@mitre.org) [Exploit]
- http://www.securityfocus.com/bid/60883 (cve@mitre.org) [Exploit]
- http://www.securitytracker.com/id/1030107 (cve@mitre.org)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85399 (cve@mitre.org)
- https://www.rcesecurity.com/2013/07/winamp-v5-64-fixes-several-code-execution-vulnerabilities-cve-2013-4694-cve-2013-4695 (cve@mitre.org) [Exploit]