Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-2392

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2002-2392
Last Modified 05 Sep 2008 04:33:06
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-2392

Summary

Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.

Vulnerable Systems

Application

  • Nullsoft Winamp 2.65

  • Nullsoft Winamp 2.70

  • Nullsoft Winamp 2.71

  • Nullsoft Winamp 2.72

  • Nullsoft Winamp 2.73

  • Nullsoft Winamp 2.74

  • Nullsoft Winamp 2.75

  • Nullsoft Winamp 2.76

  • Nullsoft Winamp 2.77

  • Nullsoft Winamp 2.78

  • Nullsoft Winamp 2.79

  • Nullsoft Winamp 2.80

  • Nullsoft Winamp 3.1


References

BID - 5266

XF - winamp-wsz-code-execution(9630)

BUGTRAQ - 20020717 WINAMP also allows execution of arbitrary code (probably a lot more programs aswell)


Last Updated: 27 May 2016 10:37:44