Shodan
Vulnerabilities
Vulnerable Software
Nullsoft:  >> Winamp  Security Vulnerabilities
CVE-2002-1524
Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.
CVSS Score
7.5
EPSS Score
0.048
Published
2003-04-02
CVE-2002-2195
Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response.
CVSS Score
5.0
EPSS Score
0.054
Published
2002-12-31
CVE-2002-2392
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
CVSS Score
6.4
EPSS Score
0.013
Published
2002-12-31
CVE-2002-2412
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
CVSS Score
2.1
EPSS Score
0.001
Published
2002-12-31
CVE-2002-1176
Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file.
CVSS Score
7.5
EPSS Score
0.019
Published
2002-12-26
CVE-2002-1177
Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag.
CVSS Score
7.5
EPSS Score
0.031
Published
2002-12-26
CVE-2002-0546
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.
CVSS Score
7.5
EPSS Score
0.01
Published
2002-07-03
CVE-2002-0547
Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.
CVSS Score
7.5
EPSS Score
0.017
Published
2002-07-03
CVE-2002-0284
Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.
CVSS Score
2.6
EPSS Score
0.004
Published
2002-05-31
CVE-2001-0490
Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file.
CVSS Score
7.5
EPSS Score
0.042
Published
2001-06-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved