Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3228 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

9.1%

top 7.32%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Nullsoft Winamp

Timeline

PublishedJun 26

Latest updateMay 1

Description

Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDnullsoft/winamp5.23+29

Patches

Patch: forums.winamp.com ↗Patch: forums.winamp.com ↗

🔴Vulnerability Details

GHSA

GHSA-cjpj-jv9g-r4r4: Buffer overflow in in_midi↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Winamp 5.21 - '.Midi' File Header Handling Buffer Overflow (PoC)↗2006-06-20

▶