CVE-2004-0820

EXPLOITED

Winamp <5.0.4 - RCE

Title source: llm

Description

Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Petrol Designs · cremotewindows

https://www.exploit-db.com/exploits/418

View Code ZIP pw:eip

References (4)

[Patch, Vendor Advisory] http://secunia.com/advisories/12381/

[Patch, Vendor Advisory] http://www.auscert.org.au/render.html?it=4338

[Patch, Vendor Advisory] http://www.frsirt.com/exploits/08252004.skinhead.php

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17124

Scores

EPSS 0.0215

EPSS Percentile 84.3%

Details

VulnCheck KEV 2004-08-25

Status published

Products (29)

nullsoft/winamp 2.4

nullsoft/winamp 2.5e

nullsoft/winamp 2.10

nullsoft/winamp 2.24

nullsoft/winamp 2.50

nullsoft/winamp 2.60 (2 CPE variants)

nullsoft/winamp 2.61

nullsoft/winamp 2.62

nullsoft/winamp 2.64 (2 CPE variants)

nullsoft/winamp 2.65

... and 19 more

Published Aug 28, 2004

Tracked Since Feb 18, 2026