Vulnerability Details : CVE-2009-1831
Public exploit exists!
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
Vulnerability category: OverflowExecute code
Products affected by CVE-2009-1831
- cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.7x:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.90:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.62:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.60:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.61:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08:e:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08:d:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08:c:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1831
81.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2009-1831
-
Winamp MAKI Buffer Overflow
Disclosure Date: 2009-05-20First seen: 2020-04-26exploit/windows/fileformat/winamp_maki_bofThis module exploits a stack based buffer overflow in Winamp 5.55. The flaw exists in the gen_ff.dll and occurs while parsing a specially crafted MAKI file, where memmove is used in an insecure way with user controlled data. To exploit the vulnerability the attack
CVSS scores for CVE-2009-1831
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2009-1831
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1831
-
https://www.exploit-db.com/exploits/8770
Winamp 5.55 - MAKI Script Universal Overwrite (SEH) - Windows local Exploit
-
http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html
Omleiding
-
https://www.exploit-db.com/exploits/8772
Winamp 5.55 - MAKI script Universal Integer Overflow - Windows local Exploit
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15683
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/50664
-
http://www.securityfocus.com/bid/35052
Nullsoft Winamp 'gen_ff.dll' Buffer Overflow VulnerabilityExploit
-
https://www.exploit-db.com/exploits/8767
Winamp 5.551 - MAKI Parsing Integer Overflow (PoC) - Windows dos Exploit
-
https://www.exploit-db.com/exploits/8783
Winamp 5.551 - MAKI Parsing Integer Overflow - Windows local Exploit
Jump to