CVE-2004-1896
https://notcve.org/view.php?id=CVE-2004-1896
Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file. • http://marc.info/?l=bugtraq&m=108118289208693&w=2 http://secunia.com/advisories/11285 http://securitytracker.com/id?1009660 http://www.nextgenss.com/advisories/winampheap.txt http://www.osvdb.org/4944 http://www.securityfocus.com/bid/10045 https://exchange.xforce.ibmcloud.com/vulnerabilities/15727 •
CVE-2004-0820 – Winamp 5.04 - '.wsz' Skin File Remote Code Execution
https://notcve.org/view.php?id=CVE-2004-0820
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file. • https://www.exploit-db.com/exploits/418 http://secunia.com/advisories/12381 http://www.auscert.org.au/render.html?it=4338 http://www.frsirt.com/exploits/08252004.skinhead.php https://exchange.xforce.ibmcloud.com/vulnerabilities/17124 •
CVE-2003-0765 – NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2003-0765
The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value. IN_MIDI.DLL plugin 3.01 y versiones anteriores, como es utilizado en Winamp 2.91, permite a atacantes remotos la ejecución de código arbitrario mediante un fichero MIDI con un valor "Track data size" largo. • https://www.exploit-db.com/exploits/23124 http://marc.info/?l=bugtraq&m=106305643432112&w=2 •
CVE-2002-2392
https://notcve.org/view.php?id=CVE-2002-2392
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code. • http://seclists.org/bugtraq/2002/Jul/0205.html http://www.iss.net/security_center/static/9630.php http://www.securityfocus.com/bid/5266 •