Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3567

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-3567
Last Modified 13 Aug 2012 10:46:23
Published 10 Aug 2008 04:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3567

Summary

Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.

Vulnerable Systems

Application

  • Nullsoft Winamp 2.0

  • Nullsoft Winamp 2.10

  • Nullsoft Winamp 2.24

  • Nullsoft Winamp 2.4

  • Nullsoft Winamp 2.50

  • Nullsoft Winamp 2.5e

  • Nullsoft Winamp 2.60

  • Nullsoft Winamp 2.61

  • Nullsoft Winamp 2.62

  • Nullsoft Winamp 2.64

  • Nullsoft Winamp 2.65

  • Nullsoft Winamp 2.6x

  • Nullsoft Winamp 2.70

  • Nullsoft Winamp 2.71

  • Nullsoft Winamp 2.72

  • Nullsoft Winamp 2.73

  • Nullsoft Winamp 2.74

  • Nullsoft Winamp 2.75

  • Nullsoft Winamp 2.76

  • Nullsoft Winamp 2.77

  • Nullsoft Winamp 2.78

  • Nullsoft Winamp 2.79

  • Nullsoft Winamp 2.7x

  • Nullsoft Winamp 2.80

  • Nullsoft Winamp 2.81

  • Nullsoft Winamp 2.90

  • Nullsoft Winamp 2.91

  • Nullsoft Winamp 2.95

  • Nullsoft Winamp 3.0

  • Nullsoft Winamp 3.1

  • Nullsoft Winamp 5.0

  • Nullsoft Winamp 5.0.1

  • Nullsoft Winamp 5.0.2

  • Nullsoft Winamp 5.01

  • Nullsoft Winamp 5.02

  • Nullsoft Winamp 5.03

  • Nullsoft Winamp 5.03a

  • Nullsoft Winamp 5.04

  • Nullsoft Winamp 5.05

  • Nullsoft Winamp 5.06

  • Nullsoft Winamp 5.07

  • Nullsoft Winamp 5.08

  • Nullsoft Winamp 5.08c

  • Nullsoft Winamp 5.08d

  • Nullsoft Winamp 5.08e

  • Nullsoft Winamp 5.09

  • Nullsoft Winamp 5.091

  • Nullsoft Winamp 5.093

  • Nullsoft Winamp 5.094

  • Nullsoft Winamp 5.1

  • Nullsoft Winamp 5.11

  • Nullsoft Winamp 5.111

  • Nullsoft Winamp 5.112

  • Nullsoft Winamp 5.12

  • Nullsoft Winamp 5.13

  • Nullsoft Winamp 5.2

  • Nullsoft Winamp 5.21

  • Nullsoft Winamp 5.22

  • Nullsoft Winamp 5.23

  • Nullsoft Winamp 5.24

  • Nullsoft Winamp 5.3

  • Nullsoft Winamp 5.31

  • Nullsoft Winamp 5.32

  • Nullsoft Winamp 5.33

  • Nullsoft Winamp 5.34

  • Nullsoft Winamp 5.35

  • Nullsoft Winamp 5.36

  • Nullsoft Winamp 5.5

  • Nullsoft Winamp 5.51

  • Nullsoft Winamp 5.52

  • Nullsoft Winamp 5.53

  • Nullsoft Winamp 5.54


References

BID - 30539

SECUNIA - 31371

CONFIRM - http://forums.winamp.com/showthread.php?threadid=295505

XF - winamp-nowplaying-unspecified(44207)

MISC - http://blog.watchfire.com/wfblog/2008/09/winamp-nowplayi.html


Last Updated: 27 May 2016 10:48:14