Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.
CVSS Score
4.3
EPSS Score
0.006
Published
2008-08-10
Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVSS Score
7.5
EPSS Score
0.011
Published
2008-08-01
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
CVSS Score
9.3
EPSS Score
0.062
Published
2007-10-12
Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file.
CVSS Score
9.3
EPSS Score
0.091
Published
2006-06-26
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
CVSS Score
9.3
EPSS Score
0.077
Published
2005-07-19
Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.
CVSS Score
7.5
EPSS Score
0.017
Published
2002-07-03
Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.
CVSS Score
7.5
EPSS Score
0.071
Published
2000-07-20
Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.
CVSS Score
7.2
EPSS Score
0.007
Published
2000-01-04
Page 3