Vulnerabilities > CVE-2003-0765 - Remote Security vulnerability in Winamp

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

nullsoft

exploit available

NVD

Published: 2003-09-17

Updated: 2016-10-18

Summary

The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.

Vulnerable Configurations

Part	Description	Count
Application	Nullsoft Nullsoft Winamp 2.81 Nullsoft Winamp 2.91 Nullsoft Winamp 3.0 Nullsoft Winamp 3.1	4

Exploit-Db

description	NullSoft Winamp 2.81/2.91/3.0/3.1 MIDI Plugin IN_MIDI.DLL Track Data Size Buffer Overflow Vulnerability. CVE-2003-0765. Dos exploit for windows platform
id	EDB-ID:23124
last seen	2016-02-02
modified	2003-09-08
published	2003-09-08
reporter	Luigi Auriemma
source	https://www.exploit-db.com/download/23124/
title	NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin IN_MIDI.DLL Track Data Size Buffer Overflow Vulnerability

References

http://marc.info/?l=bugtraq&m=106305643432112&w=2