Description
The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Luigi Auriemma · textdoswindows
https://www.exploit-db.com/exploits/23124
References (1)
Core 1
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106305643432112&w=2
Scores
EPSS
0.0445
EPSS Percentile
89.1%
Details
Status
published
Products (4)
nullsoft/winamp
2.81
nullsoft/winamp
2.91
nullsoft/winamp
3.0
nullsoft/winamp
3.1
Published
Sep 17, 2003
Tracked Since
Feb 18, 2026