CVE-2006-0476

Nullsoft Winamp 5.12 - Buffer Overflow via Playlist File1 Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 5 public exploits for CVE-2006-0476. PoCs published by Metasploit, Umesh Wanve, H D Moore, including Metasploit module exploits/windows/browser/winamp_playlist_unc.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Winamp (CVE-2006-0476) by delivering a malicious playlist file via HTTP. The payload is embedded in a UNC path with an overly long computer name, triggering a stack-based overflow when parsed by Winamp.

Description

Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16531

This exploit targets a buffer overflow vulnerability in Winamp (CVE-2006-0476) by delivering a malicious playlist file via HTTP. The payload is embedded in a UNC path with an overly long computer name, triggering a stack-based overflow when parsed by Winamp.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Winamp 5.11, 5.12
No auth needed
Prerequisites: Victim must open a malicious playlist file via HTTP · Winamp 5.11 or 5.12 must be installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Umesh Wanve · perlremotewindows
https://www.exploit-db.com/exploits/3422

This exploit targets a buffer overflow vulnerability in Winamp 5.12 by crafting a malicious playlist file with a long UNC path. It uses a jump-to-ESP technique to execute shellcode that launches calc.exe.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Winamp 5.12
No auth needed
Prerequisites: Victim must open the malicious playlist file in Winamp 5.12
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by H D Moore · remotewindows
https://www.exploit-db.com/exploits/1460

This exploit targets a buffer overflow vulnerability in Winamp 5.12 by delivering a malicious playlist file via HTTP. The overflow occurs when a UNC path with an excessively long computer name is processed, allowing arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Winamp 5.12
No auth needed
Prerequisites: Victim must open a malicious playlist file via a web browser
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ATmaCA · c++remotewindows
https://www.exploit-db.com/exploits/1458

This exploit leverages a buffer overflow in Winamp 5.12 by crafting a malicious .pls playlist file. The payload executes calc.exe as a proof-of-concept, demonstrating remote code execution via a specially formatted playlist file.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Winamp 5.12
No auth needed
Prerequisites: Victim must open the crafted .pls file in Winamp 5.12
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by hdm · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/winamp_playlist_unc.rb

This Metasploit module exploits a buffer overflow in Winamp by delivering a malicious playlist file via HTTP. The exploit leverages a UNC path with an overly long computer name to trigger the vulnerability, achieving remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Winamp 5.11, 5.12
No auth needed
Prerequisites: Victim must open a malicious playlist file via a browser or direct download
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (16)

Core 16
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/398
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24361
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/386
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015552
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3422
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18649
Various Sources x_refsource_misc
http://www.heise.de/newsticker/meldung/68981
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0361
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/423548/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1402
Various Sources x_refsource_misc
http://www.winamp.com/player/version_history.php
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/423436/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16410
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/22789
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-032A.html
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/604745

Scores

EPSS 0.8857
EPSS Percentile 99.5%

Details

Status published
Products (1)
nullsoft/winamp 5.12
Published Jan 31, 2006
Tracked Since Feb 18, 2026