Lucene search

MitreCVE-2004-1150

HistoryJan 29, 2005 - 5:00 a.m.

CVE-2004-1150

2005-01-2905:00:00

mitre

web.nvd.nist.gov

cve-2004-1150

buffer overflow

winamp

in_cdda.dll

code execution

security vulnerability

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

0.005

Percentile

77.2%

JSON

Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.

Affected configurations

Nvd

Node

nullsoftwinampMatch5.0

nullsoftwinampMatch5.01

nullsoftwinampMatch5.02

nullsoftwinampMatch5.03

nullsoftwinampMatch5.04

nullsoftwinampMatch5.05

nullsoftwinampMatch5.06

nullsoftwinampMatch5.07

nullsoftwinampMatch5.08c

VendorProductVersionCPE
nullsoftwinamp5.0cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*
nullsoftwinamp5.01cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*
nullsoftwinamp5.02cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*
nullsoftwinamp5.03cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*
nullsoftwinamp5.04cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*
nullsoftwinamp5.05cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*
nullsoftwinamp5.06cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*
nullsoftwinamp5.07cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*
nullsoftwinamp5.08ccpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nullsoft	winamp	5.0	cpe:2.3:a:nullsoft:winamp:5.0:::::::*
nullsoft	winamp	5.01	cpe:2.3:a:nullsoft:winamp:5.01:::::::*
nullsoft	winamp	5.02	cpe:2.3:a:nullsoft:winamp:5.02:::::::*
nullsoft	winamp	5.03	cpe:2.3:a:nullsoft:winamp:5.03:::::::*
nullsoft	winamp	5.04	cpe:2.3:a:nullsoft:winamp:5.04:::::::*
nullsoft	winamp	5.05	cpe:2.3:a:nullsoft:winamp:5.05:::::::*
nullsoft	winamp	5.06	cpe:2.3:a:nullsoft:winamp:5.06:::::::*
nullsoft	winamp	5.07	cpe:2.3:a:nullsoft:winamp:5.07:::::::*
nullsoft	winamp	5.08c	cpe:2.3:a:nullsoft:winamp:5.08c:::::::*

References

marc.info/?l=bugtraq&m=110684140108614&w=2

secunia.com/advisories/13781

www.nsfocus.com/english/homepage/research/0501.htm

www.securityfocus.com/bid/12381

www.winamp.com/player/version_history.php

exchange.xforce.ibmcloud.com/vulnerabilities/18840

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

0.005

Percentile

77.2%

JSON

Related for CVE-2004-1150