CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
96.6%
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.
Vendor | Product | Version | CPE |
---|---|---|---|
nullsoft | winamp | 2.4 | cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:* |
nullsoft | winamp | 2.5e | cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:* |
nullsoft | winamp | 2.10 | cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:* |
nullsoft | winamp | 2.24 | cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:* |
nullsoft | winamp | 2.50 | cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:* |
nullsoft | winamp | 2.60 | cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:* |
nullsoft | winamp | 2.60 | cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:* |
nullsoft | winamp | 2.61 | cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:* |
nullsoft | winamp | 2.62 | cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:* |
nullsoft | winamp | 2.64 | cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:* |