Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1150

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2004-1150
Last Modified 05 Sep 2008 04:40:31
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-1150

Summary

Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.

Vulnerable Systems

Application

  • Nullsoft Winamp 5.0

  • Nullsoft Winamp 5.01

  • Nullsoft Winamp 5.02

  • Nullsoft Winamp 5.03

  • Nullsoft Winamp 5.04

  • Nullsoft Winamp 5.05

  • Nullsoft Winamp 5.06

  • Nullsoft Winamp 5.07

  • Nullsoft Winamp 5.08c


References

XF - winamp-incdda-bo(18840)

CONFIRM - http://www.winamp.com/player/version_history.php

MISC - http://www.nsfocus.com/english/homepage/research/0501.htm

BUGTRAQ - 20050127 NSFOCUS SA2005-01 : Buffer Overflow in WinAMP in_cdda.dll CDA Device Name

BID - 12381

SECUNIA - 13781


Last Updated: 27 May 2016 10:38:55