Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0765 — Winamp vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

4.5%

top 10.92%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Nullsoft Winamp

Timeline

PublishedSep 17

Latest updateApr 29

Description

The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDnullsoft/winamp4 versions+3

🔴Vulnerability Details

GHSA

GHSA-82pg-qxxq-qcg9: The IN_MIDI↗2022-04-29

▶

💥Exploits & PoCs

Exploit-DB

NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow (PoC)↗2003-09-08

▶