Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1150Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

3 documents3 sources
Severity
5.1MEDIUMNVD
EPSS
6.6%
top 8.79%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Nullsoft Winamp
Timeline
PublishedDec 31
Latest updateApr 29

Description

Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

NVDnullsoft/winamp9 versions+8

🔴Vulnerability Details

1
GHSA
GHSA-v55q-pg6c-cwvp: Stack-based buffer overflow in the in_cdda2022-04-29

💥Exploits & PoCs

1
Exploit-DB
NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow (PoC)2005-01-25