ID CVE-2009-1831
Summary The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
References
Vulnerable Configurations
  • Nullsoft Winamp 5.07
    cpe:2.3:a:nullsoft:winamp:5.07
  • Nullsoft Winamp 5.06
    cpe:2.3:a:nullsoft:winamp:5.06
  • Nullsoft Winamp 5.05
    cpe:2.3:a:nullsoft:winamp:5.05
  • Nullsoft Winamp 5.04
    cpe:2.3:a:nullsoft:winamp:5.04
  • Nullsoft Winamp 5.09
    cpe:2.3:a:nullsoft:winamp:5.09
  • Nullsoft Winamp 5.08e
    cpe:2.3:a:nullsoft:winamp:5.08e
  • Nullsoft Winamp 5.08d
    cpe:2.3:a:nullsoft:winamp:5.08d
  • Nullsoft Winamp 5.08c
    cpe:2.3:a:nullsoft:winamp:5.08c
  • cpe:2.3:a:nullsoft:winamp:5.0.2
    cpe:2.3:a:nullsoft:winamp:5.0.2
  • cpe:2.3:a:nullsoft:winamp:5.0.1
    cpe:2.3:a:nullsoft:winamp:5.0.1
  • Nullsoft Winamp 5.0
    cpe:2.3:a:nullsoft:winamp:5.0
  • cpe:2.3:a:nullsoft:winamp:3.1
    cpe:2.3:a:nullsoft:winamp:3.1
  • cpe:2.3:a:nullsoft:winamp:5.03a
    cpe:2.3:a:nullsoft:winamp:5.03a
  • Nullsoft Winamp 5.03
    cpe:2.3:a:nullsoft:winamp:5.03
  • Nullsoft Winamp 5.02
    cpe:2.3:a:nullsoft:winamp:5.02
  • Nullsoft Winamp 5.01
    cpe:2.3:a:nullsoft:winamp:5.01
  • cpe:2.3:a:nullsoft:winamp:2.80
    cpe:2.3:a:nullsoft:winamp:2.80
  • cpe:2.3:a:nullsoft:winamp:2.81
    cpe:2.3:a:nullsoft:winamp:2.81
  • cpe:2.3:a:nullsoft:winamp:2.79
    cpe:2.3:a:nullsoft:winamp:2.79
  • cpe:2.3:a:nullsoft:winamp:2.7x
    cpe:2.3:a:nullsoft:winamp:2.7x
  • Nullsoft Winamp 2.95
    cpe:2.3:a:nullsoft:winamp:2.95
  • cpe:2.3:a:nullsoft:winamp:3.0
    cpe:2.3:a:nullsoft:winamp:3.0
  • cpe:2.3:a:nullsoft:winamp:2.90
    cpe:2.3:a:nullsoft:winamp:2.90
  • Nullsoft Winamp 2.91
    cpe:2.3:a:nullsoft:winamp:2.91
  • cpe:2.3:a:nullsoft:winamp:2.73
    cpe:2.3:a:nullsoft:winamp:2.73
  • cpe:2.3:a:nullsoft:winamp:2.74
    cpe:2.3:a:nullsoft:winamp:2.74
  • cpe:2.3:a:nullsoft:winamp:2.71
    cpe:2.3:a:nullsoft:winamp:2.71
  • cpe:2.3:a:nullsoft:winamp:2.72
    cpe:2.3:a:nullsoft:winamp:2.72
  • cpe:2.3:a:nullsoft:winamp:2.77
    cpe:2.3:a:nullsoft:winamp:2.77
  • cpe:2.3:a:nullsoft:winamp:2.78
    cpe:2.3:a:nullsoft:winamp:2.78
  • cpe:2.3:a:nullsoft:winamp:2.75
    cpe:2.3:a:nullsoft:winamp:2.75
  • cpe:2.3:a:nullsoft:winamp:2.76
    cpe:2.3:a:nullsoft:winamp:2.76
  • cpe:2.3:a:nullsoft:winamp:2.60
    cpe:2.3:a:nullsoft:winamp:2.60
  • cpe:2.3:a:nullsoft:winamp:2.60:-:full
    cpe:2.3:a:nullsoft:winamp:2.60:-:full
  • cpe:2.3:a:nullsoft:winamp:2.5e
    cpe:2.3:a:nullsoft:winamp:2.5e
  • cpe:2.3:a:nullsoft:winamp:2.62
    cpe:2.3:a:nullsoft:winamp:2.62
  • cpe:2.3:a:nullsoft:winamp:2.61
    cpe:2.3:a:nullsoft:winamp:2.61
  • cpe:2.3:a:nullsoft:winamp:2.65
    cpe:2.3:a:nullsoft:winamp:2.65
  • cpe:2.3:a:nullsoft:winamp:2.64
    cpe:2.3:a:nullsoft:winamp:2.64
  • cpe:2.3:a:nullsoft:winamp:2.70
    cpe:2.3:a:nullsoft:winamp:2.70
  • cpe:2.3:a:nullsoft:winamp:2.6x
    cpe:2.3:a:nullsoft:winamp:2.6x
  • Nullsoft Winamp 2.0
    cpe:2.3:a:nullsoft:winamp:2.0
  • cpe:2.3:a:nullsoft:winamp:2.61:-:full
    cpe:2.3:a:nullsoft:winamp:2.61:-:full
  • cpe:2.3:a:nullsoft:winamp:2.24
    cpe:2.3:a:nullsoft:winamp:2.24
  • cpe:2.3:a:nullsoft:winamp:2.60:-:lite
    cpe:2.3:a:nullsoft:winamp:2.60:-:lite
  • Nullsoft Winamp 2.10
    cpe:2.3:a:nullsoft:winamp:2.10
  • cpe:2.3:a:nullsoft:winamp:2.50
    cpe:2.3:a:nullsoft:winamp:2.50
  • cpe:2.3:a:nullsoft:winamp:2.4
    cpe:2.3:a:nullsoft:winamp:2.4
  • Nullsoft Winamp 5.541
    cpe:2.3:a:nullsoft:winamp:5.541
  • Nullsoft Winamp 5.36
    cpe:2.3:a:nullsoft:winamp:5.36
  • Nullsoft Winamp 5.5
    cpe:2.3:a:nullsoft:winamp:5.5
  • Nullsoft Winamp 5.51
    cpe:2.3:a:nullsoft:winamp:5.51
  • cpe:2.3:a:nullsoft:winamp:2.62:-:standard
    cpe:2.3:a:nullsoft:winamp:2.62:-:standard
  • Nullsoft Winamp 5.53
    cpe:2.3:a:nullsoft:winamp:5.53
  • cpe:2.3:a:nullsoft:winamp:2.64:-:standard
    cpe:2.3:a:nullsoft:winamp:2.64:-:standard
  • Nullsoft Winamp 5.52
    cpe:2.3:a:nullsoft:winamp:5.52
  • cpe:2.3:a:nullsoft:winamp:2.70:-:full
    cpe:2.3:a:nullsoft:winamp:2.70:-:full
  • Nullsoft Winamp 5.111
    cpe:2.3:a:nullsoft:winamp:5.111
  • cpe:2.3:a:nullsoft:winamp:2.73:-:full
    cpe:2.3:a:nullsoft:winamp:2.73:-:full
  • Nullsoft Winamp 5.112
    cpe:2.3:a:nullsoft:winamp:5.112
  • Nullsoft Winamp 5.54
    cpe:2.3:a:nullsoft:winamp:5.54
  • Nullsoft Winamp 5.34
    cpe:2.3:a:nullsoft:winamp:5.34
  • Nullsoft Winamp 5.35
    cpe:2.3:a:nullsoft:winamp:5.35
  • cpe:2.3:a:nullsoft:winamp:5.08:c
    cpe:2.3:a:nullsoft:winamp:5.08:c
  • cpe:2.3:a:nullsoft:winamp:5.08:d
    cpe:2.3:a:nullsoft:winamp:5.08:d
  • cpe:2.3:a:nullsoft:winamp:5.08
    cpe:2.3:a:nullsoft:winamp:5.08
  • cpe:2.3:a:nullsoft:winamp:5.08:e
    cpe:2.3:a:nullsoft:winamp:5.08:e
  • Nullsoft Winamp 5.12
    cpe:2.3:a:nullsoft:winamp:5.12
  • Nullsoft Winamp 5.11
    cpe:2.3:a:nullsoft:winamp:5.11
  • Nullsoft Winamp 5.2
    cpe:2.3:a:nullsoft:winamp:5.2
  • Nullsoft Winamp 5.13
    cpe:2.3:a:nullsoft:winamp:5.13
  • Nullsoft Winamp 5.093
    cpe:2.3:a:nullsoft:winamp:5.093
  • Nullsoft Winamp 5.091
    cpe:2.3:a:nullsoft:winamp:5.091
  • cpe:2.3:a:nullsoft:winamp:5.1
    cpe:2.3:a:nullsoft:winamp:5.1
  • Nullsoft Winamp 5.094
    cpe:2.3:a:nullsoft:winamp:5.094
  • Nullsoft Winamp 5.31
    cpe:2.3:a:nullsoft:winamp:5.31
  • Nullsoft Winamp 5.3
    cpe:2.3:a:nullsoft:winamp:5.3
  • Nullsoft Winamp 5.33
    cpe:2.3:a:nullsoft:winamp:5.33
  • Nullsoft Winamp 5.32
    cpe:2.3:a:nullsoft:winamp:5.32
  • Nullsoft Winamp 5.22
    cpe:2.3:a:nullsoft:winamp:5.22
  • Nullsoft Winamp 5.21
    cpe:2.3:a:nullsoft:winamp:5.21
  • Nullsoft Winamp 5.24
    cpe:2.3:a:nullsoft:winamp:5.24
  • Nullsoft Winamp 5.23
    cpe:2.3:a:nullsoft:winamp:5.23
  • Nullsoft Winamp 5.55
    cpe:2.3:a:nullsoft:winamp:5.55
CVSS
Base: 9.3 (as of 01-06-2009 - 13:04)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
exploit-db via4
  • description Winamp MAKI Buffer Overflow. CVE-2009-1831. Local exploit for windows platform
    id EDB-ID:21256
    last seen 2016-02-02
    modified 2012-09-12
    published 2012-09-12
    reporter metasploit
    source https://www.exploit-db.com/download/21256/
    title Winamp - MAKI Buffer Overflow
  • description Winamp 5.551 MAKI Parsing Integer Overflow PoC. CVE-2009-1831. Dos exploit for windows platform
    file exploits/windows/dos/8767.c
    id EDB-ID:8767
    last seen 2016-02-01
    modified 2009-05-22
    platform windows
    port
    published 2009-05-22
    reporter n00b
    source https://www.exploit-db.com/download/8767/
    title Winamp 5.551 - MAKI Parsing Integer Overflow PoC
    type dos
  • description Winamp. CVE-2009-1831. Local exploit for windows platform
    file exploits/windows/local/8772.pl
    id EDB-ID:8772
    last seen 2016-02-01
    modified 2009-05-22
    platform windows
    port
    published 2009-05-22
    reporter Encrypt3d.M!nd
    source https://www.exploit-db.com/download/8772/
    title Winamp <= 5.55 - MAKI script Universal Integer Overflow Exploit
    type local
  • description Winamp 5.551 MAKI Parsing Integer Overflow Exploit. CVE-2009-1831. Local exploit for windows platform
    file exploits/windows/local/8783.c
    id EDB-ID:8783
    last seen 2016-02-01
    modified 2009-05-26
    platform windows
    port
    published 2009-05-26
    reporter n00b
    source https://www.exploit-db.com/download/8783/
    title Winamp 5.551 - MAKI Parsing Integer Overflow Exploit
    type local
  • description Winamp. CVE-2009-1831. Local exploit for windows platform
    file exploits/windows/local/8770.py
    id EDB-ID:8770
    last seen 2016-02-01
    modified 2009-05-22
    platform windows
    port
    published 2009-05-22
    reporter His0k4
    source https://www.exploit-db.com/download/8770/
    title Winamp <= 5.55 - MAKI script Universal Seh Overwrite Exploit
    type local
metasploit via4
description This module exploits a stack based buffer overflow in Winamp 5.55. The flaw exists in the gen_ff.dll and occurs while parsing a specially crafted MAKI file, where memmove is used in an insecure way with user controlled data. To exploit the vulnerability the attacker must convince the victim to install the generated mcvcore.maki file in the "scripts" directory of the default "Bento" skin, or generate a new skin using the crafted mcvcore.maki file. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.
id MSF:EXPLOIT/WINDOWS/FILEFORMAT/WINAMP_MAKI_BOF
last seen 2019-03-26
modified 2017-09-22
published 2012-09-10
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/winamp_maki_bof.rb
title Winamp MAKI Buffer Overflow
nessus via4
NASL family Windows
NASL id WINAMP_5552.NASL
description The remote host is running Winamp, a media player for Windows. The version of Winamp installed on the remote host is earlier than 5.552. Such versions are reportedly affected by an integer overflow vulnerability when processing '.maki' files. An attacker could exploit this to execute arbitrary code in the context of the affected application.
last seen 2019-02-21
modified 2018-08-06
plugin id 38858
published 2009-05-22
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=38858
title Winamp < 5.552 Modern Skins Support Module (gen_ff.dll) MAKI File Handling Overflow
oval via4
accepted 2014-04-07T04:01:59.123-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
comment Winamp is installed
oval oval:org.mitre.oval:def:6897
description The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
family windows
id oval:org.mitre.oval:def:15683
status accepted
submitted 2012-07-20T09:18:28.692-04:00
title Vulnerability in Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552
version 8
packetstorm via4
data source https://packetstormsecurity.com/files/download/116403/winamp_maki_bof.rb.txt
id PACKETSTORM:116403
last seen 2016-12-05
published 2012-09-11
reporter juan vazquez
source https://packetstormsecurity.com/files/116403/Winamp-MAKI-Buffer-Overflow.html
title Winamp MAKI Buffer Overflow
refmap via4
bid 35052
exploit-db
  • 8767
  • 8770
  • 8772
  • 8783
misc http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html
xf winamp-maki-overflow(50664)
Last major update 13-08-2012 - 23:01
Published 29-05-2009 - 18:30
Last modified 28-09-2017 - 21:34