CVE-2009-1831

Nullsoft Winamp < 5.55 - Numeric Error

Title source: rule

Description

The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/21256
exploitdb WORKING POC VERIFIED
by n00b · clocalwindows
https://www.exploit-db.com/exploits/8783
exploitdb WORKING POC VERIFIED
by His0k4 · pythonlocalwindows
https://www.exploit-db.com/exploits/8770
exploitdb WORKING POC VERIFIED
by Encrypt3d.M!nd · perllocalwindows
https://www.exploit-db.com/exploits/8772
exploitdb WORKING POC VERIFIED
by n00b · cdoswindows
https://www.exploit-db.com/exploits/8767
metasploit WORKING POC NORMAL
by Monica Sojeong Hong, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/winamp_maki_bof.rb

References (8)

Scores

EPSS 0.8117
EPSS Percentile 99.2%

Details

CWE
CWE-189
Status published
Products (43)
nullsoft/winamp 2.0
nullsoft/winamp 2.4
nullsoft/winamp 2.5e
nullsoft/winamp 2.6x
nullsoft/winamp 2.7x
nullsoft/winamp 2.10
nullsoft/winamp 2.24
nullsoft/winamp 2.50
nullsoft/winamp 2.60 (3 CPE variants)
nullsoft/winamp 2.61 (2 CPE variants)
... and 33 more
Published May 29, 2009
Tracked Since Feb 18, 2026