Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1119 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

55.4%

top 1.92%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Nullsoft Winamp

Timeline

PublishedJan 10

Latest updateApr 29

Description

Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDnullsoft/winamp6 versions+5

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-442g-q24g-3535: Stack-based buffer overflow in IN_CDDA↗2022-04-29

▶

💥Exploits & PoCs

Exploit-DB

Winamp 5.06 - 'IN_CDDA.dll' Remote Buffer Overflow↗2004-11-24

▶