Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-2195Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

5 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
20.6%
top 4.41%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Nullsoft Winamp
Timeline
PublishedDec 31
Latest updateApr 30

Description

Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDnullsoft/winamp15 versions+14

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

1
GHSA
GHSA-62m8-f85x-h9p8: Buffer overflow in the version update check for Winamp 22022-04-30

💥Exploits & PoCs

3
Exploit-DB
3.3/4.0/4.2 MERCUR MailServer - Control-Service Buffer Overflow2002-07-16
Exploit-DB
Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address (MS99-027)2002-07-12
Exploit-DB
Nullsoft Winamp 2.80 - Automatic Update Check Buffer Overflow2002-07-03