Nullsoft Winamp vulnerabilities

CVE-2004-1896 [HIGH] CVE-2004-1896: Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attacker Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.

CVE-2004-1150 [MEDIUM] CVE-2004-1150: Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.

CVE-2004-2384 [MEDIUM] CVE-2004-2384: NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line.

CVE-2004-1396 [LOW] CVE-2004-1396: Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (appli Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.

CVE-2004-0820 [MEDIUM] CVE-2004-0820: Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone v Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.

CVE-2003-1272 [CRITICAL] CVE-2003-1272: Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter.

CVE-2003-1274 [MEDIUM] CVE-2003-1274: Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: a Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux.

CVE-2003-1273 [LOW] CVE-2003-1273: Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playl Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters.

CVE-2003-0765 [HIGH] CVE-2003-0765: The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.

CVE-2002-1524 [HIGH] CVE-2002-1524: Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execut Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.

CVE-2002-2392 [MEDIUM] CVE-2002-2392: Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attack Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.

CVE-2002-2195 [MEDIUM] CVE-2002-2195: Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response.

CVE-2002-2412 [LOW] CWE-255 CVE-2002-2412: Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] s Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.

CVE-2002-1176 [HIGH] CVE-2002-1176: Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist I Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file.

CVE-2002-1177 [HIGH] CVE-2002-1177: Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag.

CVE-2002-0547 [HIGH] CVE-2002-0547: Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a d Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.

CVE-2002-0546 [HIGH] CVE-2002-0546: Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attack Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.

CVE-2002-0284 [LOW] CVE-2002-0284: Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Te Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.

CVE-2001-0490 [HIGH] CVE-2001-0490: Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file.

CVE-2000-0624 [HIGH] CVE-2000-0624: Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.