[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256040

 
 

909

 
 

199103

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-1150Date: (C)2004-12-31   (M)2023-12-22


Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-12381
SECUNIA-13781
http://marc.info/?l=bugtraq&m=110684140108614&w=2
http://www.nsfocus.com/english/homepage/research/0501.htm
http://www.winamp.com/player/version_history.php
winamp-incdda-bo(18840)

CPE    9
cpe:/a:nullsoft:winamp:5.08c
cpe:/a:nullsoft:winamp:5.01
cpe:/a:nullsoft:winamp:5.0
cpe:/a:nullsoft:winamp:5.03
...

© SecPod Technologies