Description
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by securfrog · textdoswindows
https://www.exploit-db.com/exploits/7742
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14756
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0113
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33226
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33478
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/7742
Scores
EPSS
0.1787
EPSS Percentile
95.2%
Details
CWE
CWE-119
Status
published
Products (43)
nullsoft/winamp
2.0
nullsoft/winamp
2.4
nullsoft/winamp
2.5e
nullsoft/winamp
2.6x
nullsoft/winamp
2.7x
nullsoft/winamp
2.10
nullsoft/winamp
2.24
nullsoft/winamp
2.50
nullsoft/winamp
2.60 (3 CPE variants)
nullsoft/winamp
2.61 (2 CPE variants)
... and 33 more
Published
Jan 23, 2009
Tracked Since
Feb 18, 2026