Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
high complexity
nullsoft
nessus
exploit available
Published: 2004-12-31
Updated: 2017-07-11
Summary
Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.
Vulnerable Configurations
| Part | Description | Count |
| Application | Nullsoft | 9 |
Exploit-Db
| description | Nullsoft Winamp 5.0.x Variant IN_CDDA.dll Remote Buffer Overflow Vulnerability. CVE-2004-1150. Dos exploit for windows platform |
| id | EDB-ID:25061 |
| last seen | 2016-02-03 |
| modified | 2005-01-25 |
| published | 2005-01-25 |
| reporter | Yu Yang |
| source | https://www.exploit-db.com/download/25061/ |
| title | Nullsoft Winamp 5.0.x - Variant IN_CDDA.dll Remote Buffer Overflow Vulnerability |
Nessus
| NASL family | Windows |
| NASL id | WINAMP_UNSPECIFIED_VULNS.NASL |
| description | The version of Winamp installed on the remote host has various unspecified vulnerabilities that may allow an attacker to execute arbitrary code on the remote host. An attacker may exploit these flaws by sending malformed files to a victim on the remote host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 16152 |
| published | 2005-01-13 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/16152 |
| title | Winamp < 5.0.8c Multiple Unspecified Vulnerabilities |
| code | #
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if(description)
{
script_id(16152);
script_version("1.21");
script_cvs_date("Date: 2018/11/15 20:50:29");
script_cve_id("CVE-2004-1150");
script_bugtraq_id(12245, 12381);
script_name(english:"Winamp < 5.0.8c Multiple Unspecified Vulnerabilities");
script_set_attribute(
attribute:'synopsis',
value:'The version of Winamp on the remote host has multiple vulnerabilities.'
);
script_set_attribute(
attribute:'description',
value:
"The version of Winamp installed on the remote host has various
unspecified vulnerabilities that may allow an attacker to execute
arbitrary code on the remote host.
An attacker may exploit these flaws by sending malformed files to a
victim on the remote host."
);
script_set_attribute(attribute:'solution', value:"Upgrade to Winamp 5.0.8c or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(
attribute:'see_also',
value:'https://marc.info/?l=bugtraq&m=110684140108614&w=2'
);
script_set_attribute(attribute:"plugin_publication_date", value: "2005/01/13");
script_set_attribute(attribute:"vuln_publication_date", value: "2004/12/22");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:nullsoft:winamp");
script_end_attributes();
script_summary(english:"Determines the version of Winamp");
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
script_family(english:"Windows");
script_dependencies("winamp_in_cdda_buffer_overflow.nasl");
script_require_keys("SMB/Winamp/Version");
exit(0);
}
#
version = get_kb_item("SMB/Winamp/Version");
if ( ! version ) exit(0);
if(version =~ "^([0-4]\.|5\.0\.[0-8]\.)")
security_warning(get_kb_item("SMB/transport"));
|