Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.
CVSS Score
4.6
EPSS Score
0.043
Published
2004-08-28
The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.
CVSS Score
7.5
EPSS Score
0.045
Published
2003-09-17
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
CVSS Score
6.4
EPSS Score
0.013
Published
2002-12-31
Page 2