Integer Overflow Vulnerability in Winamp's NSV Plugin by Nullsoft
CVE-2010-2586

Currently unrated

Key Information:

Vendor: Nullsoft
Status: Winamp
Vendor: CVE Published:; 2 December 2010

What is CVE-2010-2586?

The vulnerability in Winamp's NSV plugin arises from multiple integer overflows in the in_nsv.dll file, which can be exploited by remote attackers. By crafting a malicious Table of Contents (TOC) within an NSV stream or NSV file, these attackers can trigger a heap-based buffer overflow, potentially leading to arbitrary code execution on the affected system. This security concern highlights the importance of maintaining updated software to mitigate risks associated with older versions.

References

http://secunia.com/advisories/42004

third-party-advisoryx_refsource_SECUNIA

http://forums.winamp.com/showthread.php?threadid=159785

x_refsource_CONFIRM

http://forums.winamp.com/showthread.php?t=324322

x_refsource_CONFIRM

EPSS Score

11% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2010
Vulnerability Reserved
Jul 1, 2010