CVE-2004-0820
published 2004-08-28

Priority: P268
CVSS 2.0: 4.6 (medium), vector AV:L/AC:L/Au:N/C:P/I:P/A:P
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 2.54% (83.0th percentile)

Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.

Affected

29 ranges · showing 25
Vendor: nullsoft · Product: winamp (all 25 listed ranges)

Detection & IOCs (extracted from sources)

url: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/418.rar
filename: foo.wsz
path: /html/file.exe
path: /html/test.htm
path: /skin.xml
  • The exploit was observed in the wild as of 2004-08-25 with no patch available at time of disclosure; treat any .wsz file loaded by Winamp versions before 5.0.4 as potentially malicious.
  • The attack vector is script execution in the Local computer zone via HTML files referenced from XML files inside a .wsz skin archive; monitor Winamp skin loading activity for .wsz files containing /html/*.htm and /xml/*.xml entries.
  • The vulnerability affects Winamp versions before 5.0.4 only; version 5.0.4 and later are not stated to be vulnerable.

CVSS provenance

nvd: v2.0, 4.6 MEDIUM, AV:L/AC:L/Au:N/C:P/I:P/A:P
vulncheck: 4.6 MEDIUM