| Vulnerability Name: | CVE-2004-1150 (CCN-18840) | ||||||||
| Assigned: | 2004-12-31 | ||||||||
| Published: | 2004-12-31 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file. | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: NSFOCUS Security Advisory (SA2005-01) Buffer Overflow in WinAMP in_cdda.dll CDA Device Name Source: MITRE Type: CNA CVE-2004-1150 Source: CCN Type: Nullsoft Web site Winamp 5.08c released Source: BUGTRAQ Type: UNKNOWN 20050127 NSFOCUS SA2005-01 : Buffer Overflow in WinAMP in_cdda.dll CDA Device Name Source: CCN Type: SA13781 Winamp in_cdda.dll CDA Device Name Buffer Overflow Source: SECUNIA Type: UNKNOWN 13781 Source: MISC Type: Exploit http://www.nsfocus.com/english/homepage/research/0501.htm Source: CCN Type: OSVDB ID: 12858 Winamp in_cdda.dll CDA Device Name Overflow Source: CCN Type: BID-12245 Nullsoft Winamp Multiple Unspecified Vulnerabilities Source: BID Type: UNKNOWN 12381 Source: CCN Type: BID-12381 Nullsoft Winamp Variant IN_CDDA.dll Remote Buffer Overflow Vulnerability Source: CCN Type: Winamp Web page WINAMP Source: CONFIRM Type: UNKNOWN http://www.winamp.com/player/version_history.php Source: XF Type: UNKNOWN winamp-incdda-bo(18840) Source: XF Type: UNKNOWN winamp-incdda-bo(18840) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||