Published: 28/08/2004 Updated: 11/07/2017

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Winamp prior to 5.0.4 allows remote malicious users to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nullsoft winamp 2.4
nullsoft winamp 2.50
nullsoft winamp 2.64
nullsoft winamp 2.65
nullsoft winamp 2.70
nullsoft winamp 2.75
nullsoft winamp 2.76
nullsoft winamp 3.0
nullsoft winamp 3.1
nullsoft winamp 2.60
nullsoft winamp 2.61
nullsoft winamp 2.72
nullsoft winamp 2.73
nullsoft winamp 2.79
nullsoft winamp 2.80
nullsoft winamp 5.03
nullsoft winamp 5.04
nullsoft winamp 2.5e
nullsoft winamp 2.71
nullsoft winamp 2.77
nullsoft winamp 2.78
nullsoft winamp 5.01
nullsoft winamp 5.02
nullsoft winamp 2.10
nullsoft winamp 2.24
nullsoft winamp 2.62
nullsoft winamp 2.74
nullsoft winamp 2.81
nullsoft winamp 2.91

This 0day exploit is known to be circulating in the wild There is no patch for this vulnerability -> Do not use Winamp ! githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/418rar (skinheadrar - 171 Ko) indexhtml ----------- <html> <head> </head> <frameset rows="*,1" framespacing="0" ...

NVD-CWE-Other http://www.frsirt.com/exploits/08252004.skinhead.php http://secunia.com/advisories/12381/http://www.auscert.org.au/render.html?it=4338 https://exchange.xforce.ibmcloud.com/vulnerabilities/17124 https://nvd.nist.gov https://www.exploit-db.com/exploits/418/

CVE-2004-0820

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect