Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2004-0820
HistorySep 02, 2004 - 4:00 a.m.

CVE-2004-0820

2004-09-0204:00:00
mitre
web.nvd.nist.gov
23
cve-2004-0820
winamp
vulnerability
remote execution
script
html
xml
.wsz skin file

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.233

Percentile

96.6%

JSON

Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.

Affected configurations

Nvd
Node
nullsoftwinampMatch2.4
OR
nullsoftwinampMatch2.5e
OR
nullsoftwinampMatch2.10
OR
nullsoftwinampMatch2.24
OR
nullsoftwinampMatch2.50
OR
nullsoftwinampMatch2.60full
OR
nullsoftwinampMatch2.60lite
OR
nullsoftwinampMatch2.61full
OR
nullsoftwinampMatch2.62standard
OR
nullsoftwinampMatch2.64
OR
nullsoftwinampMatch2.64standard
OR
nullsoftwinampMatch2.65
OR
nullsoftwinampMatch2.70
OR
nullsoftwinampMatch2.70full
OR
nullsoftwinampMatch2.71
OR
nullsoftwinampMatch2.72
OR
nullsoftwinampMatch2.73
OR
nullsoftwinampMatch2.73full
OR
nullsoftwinampMatch2.74
OR
nullsoftwinampMatch2.75
OR
nullsoftwinampMatch2.76
OR
nullsoftwinampMatch2.77
OR
nullsoftwinampMatch2.78
OR
nullsoftwinampMatch2.79
OR
nullsoftwinampMatch2.80
OR
nullsoftwinampMatch2.81
OR
nullsoftwinampMatch2.91
OR
nullsoftwinampMatch3.0
OR
nullsoftwinampMatch3.1
OR
nullsoftwinampMatch5.01
OR
nullsoftwinampMatch5.02
OR
nullsoftwinampMatch5.03
OR
nullsoftwinampMatch5.04
VendorProductVersionCPE
nullsoftwinamp2.4cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*
nullsoftwinamp2.5ecpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*
nullsoftwinamp2.10cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*
nullsoftwinamp2.24cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*
nullsoftwinamp2.50cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*
nullsoftwinamp2.60cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*
nullsoftwinamp2.60cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*
nullsoftwinamp2.61cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*
nullsoftwinamp2.62cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*
nullsoftwinamp2.64cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*
Rows per page:
1-10 of 331

Related

cvelist 1
exploitdb 1
nvd 1
nessus 1
cvelist
cvelist
CVE-2004-0820
2004-09-02 04:00:00
exploitdb
exploitdb
Winamp 5.04 - '.wsz' Skin File Remote Code Execution
2004-08-25 00:00:00
nvd
nvd
CVE-2004-0820
2004-08-28 04:00:00
nessus
nessus
Winamp < 5.0.5 Skin File (.WSZ) Local Zone Arbitrary Code Execution
2005-01-19 00:00:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.233

Percentile

96.6%

JSON
Related for CVE-2004-0820
cvelist1exploitdb1nvd1nessus1