Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0820 — Winamp vulnerability

4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

2.1%

top 15.74%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Nullsoft Winamp

Timeline

PublishedAug 28

Latest updateApr 29

Description

Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDnullsoft/winamp29 versions+28

Patches

Patch: secunia.com ↗Patch: www.auscert.org.au ↗Patch: www.frsirt.com ↗

🔴Vulnerability Details

GHSA

GHSA-q427-h43h-5g3g: Winamp before 5↗2022-04-29

▶

VulnCheck

Winamp .wsz Skin File Vulnerability↗2004

▶

💥Exploits & PoCs

Exploit-DB

Winamp 5.04 - '.wsz' Skin File Remote Code Execution↗2004-08-25

▶