CVE-2002-0284 — Winamp vulnerability

3 documents3 sources

Severity

2.6LOWNVD

EPSS

0.4%

top 36.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nullsoft Winamp

Timeline

PublishedMay 31

Latest updateApr 30

Description

Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDnullsoft/winamp2.77, 2.78+1

🔴Vulnerability Details

GHSA

GHSA-7j57-vrgm-pf2m: Winamp 2↗2022-04-30

▶

💥Exploits & PoCs

Exploit-DB

WU-IMAP 2000.287(1-2) - Remote Overflow↗2002-06-25

▶