Vulnerabilities > CVE-2004-1150 - Unspecified vulnerability in Nullsoft Winamp

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
nullsoft
nessus
exploit available
NVD
Published: 2004-12-31
Updated: 2024-11-20

Summary

Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.

Vulnerable Configurations

Part Description Count
Application
Nullsoft
9

Exploit-Db

descriptionNullsoft Winamp 5.0.x Variant IN_CDDA.dll Remote Buffer Overflow Vulnerability. CVE-2004-1150. Dos exploit for windows platform
idEDB-ID:25061
last seen2016-02-03
modified2005-01-25
published2005-01-25
reporterYu Yang
sourcehttps://www.exploit-db.com/download/25061/
titleNullsoft Winamp 5.0.x - Variant IN_CDDA.dll Remote Buffer Overflow Vulnerability

Nessus

NASL familyWindows
NASL idWINAMP_UNSPECIFIED_VULNS.NASL
descriptionThe version of Winamp installed on the remote host has various unspecified vulnerabilities that may allow an attacker to execute arbitrary code on the remote host. An attacker may exploit these flaws by sending malformed files to a victim on the remote host.
last seen2020-06-01
modified2020-06-02
plugin id16152
published2005-01-13
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/16152
titleWinamp < 5.0.8c Multiple Unspecified Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if(description)
{
  script_id(16152);
  script_version("1.21");
  script_cvs_date("Date: 2018/11/15 20:50:29");

  script_cve_id("CVE-2004-1150");
  script_bugtraq_id(12245, 12381);

  script_name(english:"Winamp < 5.0.8c Multiple Unspecified Vulnerabilities");

  script_set_attribute(
    attribute:'synopsis',
    value:'The version of Winamp on the remote host has multiple vulnerabilities.'
  );

  script_set_attribute(
    attribute:'description',
    value:
"The version of Winamp installed on the remote host has various
unspecified vulnerabilities that may allow an attacker to execute
arbitrary code on the remote host. 

An attacker may exploit these flaws by sending malformed files to a
victim on the remote host."
  );

  script_set_attribute(attribute:'solution', value:"Upgrade to Winamp 5.0.8c or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(
    attribute:'see_also',
    value:'https://marc.info/?l=bugtraq&m=110684140108614&w=2'
  );

  script_set_attribute(attribute:"plugin_publication_date", value: "2005/01/13");
  script_set_attribute(attribute:"vuln_publication_date", value: "2004/12/22");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:nullsoft:winamp");
  script_end_attributes();

  script_summary(english:"Determines the version of Winamp");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_family(english:"Windows");
  script_dependencies("winamp_in_cdda_buffer_overflow.nasl");
  script_require_keys("SMB/Winamp/Version");
  exit(0);
}

#

version = get_kb_item("SMB/Winamp/Version");
if ( ! version ) exit(0);

if(version =~ "^([0-4]\.|5\.0\.[0-8]\.)")
  security_warning(get_kb_item("SMB/transport"));

References