Vulnerabilities > Nullsoft > Winamp > 5.05
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-10 | CVE-2008-3567 | Cross-Site Scripting vulnerability in Nullsoft Winamp Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags. | 4.3 |
| 2008-08-01 | CVE-2008-3441 | Code Injection vulnerability in Nullsoft Winamp Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | 7.5 |
| 2007-10-12 | CVE-2007-4619 | Numeric Errors vulnerability in multiple products Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow. | 9.3 |
| 2006-06-26 | CVE-2006-3228 | Remote Security vulnerability in Winamp Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file. | 9.3 |
| 2006-02-15 | CVE-2006-0708 | Denial of Service vulnerability in Nullsoft Winamp M3U File Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476. | 9.3 |
| 2005-07-19 | CVE-2005-2310 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE. | 9.3 |
| 2005-01-10 | CVE-2004-1119 | Remote Buffer Overflow vulnerability in Nullsoft Winamp Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file. | 10.0 |
| 2004-12-31 | CVE-2004-1150 | Remote Buffer Overflow vulnerability in Nullsoft Winamp Variant Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file. | 5.1 |