CVE-2004-1150

Published: Dec 31, 2004Modified: Apr 16, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.

Affected (9)

Products: Nullsoft: Winamp

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Nullsoft Winamp	Version 5.01
Nullsoft Winamp	Version 5.02
Nullsoft Winamp	Version 5.03
Nullsoft Winamp	Version 5.04
Nullsoft Winamp	Version 5.05
Nullsoft Winamp	Version 5.06
Nullsoft Winamp	Version 5.07
Nullsoft Winamp	Version 5.08c
Nullsoft Winamp	Version 5.0

References (12)

http://marc.info/?l=bugtraq&m=110684140108614&w=2

Source: cve@mitre.org

http://secunia.com/advisories/13781

Source: cve@mitre.org

http://www.nsfocus.com/english/homepage/research/0501.htm

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/12381

Source: cve@mitre.org

http://www.winamp.com/player/version_history.php

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/18840

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110684140108614&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/13781

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.nsfocus.com/english/homepage/research/0501.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/12381

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.winamp.com/player/version_history.php

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/18840

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.