CVE-2002-2392 — Winamp vulnerability

2 documents2 sources

Severity

6.4MEDIUMNVD

EPSS

3.8%

top 11.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nullsoft Winamp

Timeline

PublishedDec 31

Latest updateApr 30

Description

Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDnullsoft/winamp13 versions+12

🔴Vulnerability Details

GHSA

GHSA-324h-8gv8-f3xm: Winamp 2↗2022-04-30

▶