Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0065 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Nullsoft Winamp

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

72.4%

top 1.24%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Winamp Nullsoft Winamp

Timeline

PublishedJan 22

Latest updateMay 1

Description

Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDwinamp/nullsoft_winamp5.21, 5.5, 5.51+2

🔴Vulnerability Details

GHSA

GHSA-243h-4j57-f7gh: Multiple stack-based buffer overflows in in_mp3↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Winamp Ultravox Streaming Metadata 'in_mp3.dll' - Remote Buffer Overflow (Metasploit)↗2010-05-09

▶

Metasploit

Winamp Ultravox Streaming Metadata (in_mp3.dll) Buffer Overflow↗

▶