Vulnerabilities > CVE-2004-1896 - Heap Overflow vulnerability in NullSoft Winamp in_mod.dll Plug-in

CVSS 7.6 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

high complexity

nullsoft

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.

Vulnerable Configurations

Part	Description	Count
Application	Nullsoft Nullsoft Winamp 2.91 Nullsoft Winamp 3.0 Nullsoft Winamp 3.1 Nullsoft Winamp 5.0.1 Nullsoft Winamp 5.0.2	5

References

http://marc.info/?l=bugtraq&m=108118289208693&w=2
http://secunia.com/advisories/11285
http://securitytracker.com/id?1009660
http://www.nextgenss.com/advisories/winampheap.txt
http://www.osvdb.org/4944
http://www.securityfocus.com/bid/10045
https://exchange.xforce.ibmcloud.com/vulnerabilities/15727