1. CVE-Search
  2. CVE-2006-0476
ID CVE-2006-0476
Summary Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
References
Vulnerable Configurations
  • cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 19-10-2018 - 15:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
oval via4
accepted 2009-11-09T04:00:03.860-05:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Mike Lah
    organization The MITRE Corporation
definition_extensions
comment Winamp is installed
oval oval:org.mitre.oval:def:6897
description Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
family windows
id oval:org.mitre.oval:def:1402
status accepted
submitted 2006-02-01T08:59:00.000-04:00
title Winamp Hostname Buffer Overflow
version 5
refmap via4
bid 16410
bugtraq
  • 20060130 Winamp 5.12 - 0day exploit - code execution through playlist
  • 20060131 Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist
cert TA06-032A
cert-vn VU#604745
exploit-db
  • 1458
  • 3422
misc
osvdb 22789
sectrack 1015552
secunia 18649
sreason
vupen ADV-2006-0361
xf winamp-playlist-filename-bo(24361)
saint via4
bid 16410
description Winamp playlist file buffer overflow
id misc_winamp
osvdb 22789
title winamp_playlist_file
type client
Last major update 19-10-2018 - 15:45
Published 31-01-2006 - 11:03
Last modified 19-10-2018 - 15:45
Back to Top