CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10725
https://notcve.org/view.php?id=CVE-2017-10725
05 Jul 2017 — Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address controls Code Flow starting at in_flv!winampGetInModule2+0x00000000000009a8." Winamp versión 5.666 Build 3516 (en x86), permite a los atacantes ejecutar código arbitrario o causar una denegación de servicio por medio de un archivo .flv creado, relacionado a "Data from Faulting Address controls Code Flow starting at in_flv!winampGetInModule2+0x00... • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10725 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10726
https://notcve.org/view.php?id=CVE-2017-10726
05 Jul 2017 — Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address may be used as a return value starting at f263!GetWinamp5SystemComponent+0x0000000000001951." Winamp versión 5.666 Build 3516 (en x86), podría permitir a los atacantes ejecutar código arbitrario o causar una denegación de servicio por medio de un archivo .flv creado, relacionado a ""Data from Faulting Address may be used as a return value s... • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10726 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10727
https://notcve.org/view.php?id=CVE-2017-10727
05 Jul 2017 — Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address controls Branch Selection starting at in_mp3!DeleteAudioDecoder+0x000000000000762f." Winamp versión 5.666 Build 3516 (en x86), podría permitir a los atacantes ejecutar código arbitrario o causar una denegación de servicio por medio de un archivo .flv creado, relacionado a "Data from Faulting Address controls Branch Selection starting at in_... • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10727 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10728
https://notcve.org/view.php?id=CVE-2017-10728
05 Jul 2017 — Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d." Winamp versión 5.666 Build 3516 (en x86), podría permitir a los atacantes ejecutar código arbitrario o causar una denegación de servicio por medio de un archivo .flv creado, relacionado a el "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d." • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10728 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 11%CPEs: 55EXPL: 4CVE-2014-3442 – Winamp - '.flv' File Processing Memory Corruption
https://notcve.org/view.php?id=CVE-2014-3442
16 May 2014 — Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s. Winamp 5.666 y anteriores permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída) a través de un archivo .FLV malformado, relacionado con f263.w5s. WinAMP versions 5.666 build 3516 and below suffer from a memory corruption vulnerability. • https://packetstorm.news/files/id/126636 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 50%CPEs: 66EXPL: 10CVE-2013-4694 – Winamp 5.63 - Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-4694
01 Jul 2013 — Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as ... • https://packetstorm.news/files/id/122239 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 2CVE-2013-4695 – Winamp 5.63 - Invalid Pointer Dereference
https://notcve.org/view.php?id=CVE-2013-4695
01 Jul 2013 — Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution Winamp versión 5.63: una Desreferencia de Puntero No Válida conlleva a una Ejecución de Código Arbitrario. An invalid pointer dereference vulnerability has been identified in WinAmp version 5.63. The application loads the contents of the %APPDATA%\WinAmp\links.xml on startup (the key lngId="default") and while browsing through the bookmarks in the Browser view of the GUI, but does not properly validate the length of the string load... • https://www.exploit-db.com/exploits/26557 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 0CVE-2012-4045
https://notcve.org/view.php?id=CVE-2012-4045
22 Jul 2012 — Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file. Múltiples desbordamientos de bufer basado en bmp.w5s en Winamp v5.63 anterior a build 3235, permite a atacantes remotos ejecutar código arbitrario a través de la porción (1) STRF en BI_RGB o (2) los datos de vídeo UYVY en un archiv... • http://forums.winamp.com/showthread.php?t=345684 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 62EXPL: 0CVE-2012-3889
https://notcve.org/view.php?id=CVE-2012-3889
11 Jul 2012 — The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file. El plug-in in_mod de Winamp antes de v5.63 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un fichero .IT. • http://forums.winamp.com/showthread.php?t=345684 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 62EXPL: 0CVE-2012-3890
https://notcve.org/view.php?id=CVE-2012-3890
11 Jul 2012 — The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file. El plug-in in_mod en Winamp antes de v5.63 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria dinamica 'heap') o posiblemente tener un impacto no especificado a través de un fichero .IT. • http://forums.winamp.com/showthread.php?t=345684 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •