CVE-2010-4371

Winamp < 5.6 - Buffer Overflow in in_mod Plugin via Comment Box

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-4371. PoCs published by Mighty-D & 7eK, Mighty-D, Luigi Auriemma.

AI-analyzed exploit summary This exploit targets a stack overflow vulnerability in Winamp 5.5.8.2985's in_mod plugin. It crafts a malicious .mtm file with a NOP sled, EIP overwrite, and encoded shellcode to achieve remote code execution on Windows XP SP3 without ASLR or DEP bypass.

Description

Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Mighty-D & 7eK · pythonlocalwindows
https://www.exploit-db.com/exploits/15312

This exploit targets a stack overflow vulnerability in Winamp 5.5.8.2985's in_mod plugin. It crafts a malicious .mtm file with a NOP sled, EIP overwrite, and encoded shellcode to achieve remote code execution on Windows XP SP3 without ASLR or DEP bypass.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Winamp 5.5.8.2985 (in_mod plugin)
No auth needed
Prerequisites: Victim must open the malicious .mtm file in Winamp 5.5.8.2985
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Mighty-D · pythonlocalwindows
https://www.exploit-db.com/exploits/15287

This exploit targets a stack overflow vulnerability in Winamp 5.5.8.2985's in_mod plugin, leveraging a crafted header and shellcode to achieve remote code execution. The payload includes a bind shell on port 4444 and handles bad characters through careful manipulation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Winamp 5.5.8.2985 (in_mod plugin)
No auth needed
Prerequisites: Winamp 5.5.8.2985 installed on Windows XP SP3 · Ability to deliver malicious file to victim
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Luigi Auriemma · textdoswindows
https://www.exploit-db.com/exploits/15248

This is a detailed writeup by Luigi Auriemma describing multiple integer overflow and buffer overflow vulnerabilities in Winamp plugins (in_mkv, in_nsv, in_midi, in_mod). The document explains the technical details of each vulnerability but does not include actual exploit code.

Classification
Writeup 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Winamp <= 5.5.8.2985
No auth needed
Prerequisites: Victim must open a maliciously crafted media file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Various Sources x_refsource_confirm
http://forums.winamp.com/showthread.php?threadid=159785
Various Sources x_refsource_confirm
http://forums.winamp.com/showthread.php?t=324322
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12309

Scores

EPSS 0.0610
EPSS Percentile 92.5%

Details

CWE
CWE-119
Status published
Products (50)
nullsoft/winamp 0.20a
nullsoft/winamp 0.92
nullsoft/winamp 1.006
nullsoft/winamp 1.90
nullsoft/winamp 2.0
nullsoft/winamp 2.6
nullsoft/winamp 2.9
nullsoft/winamp 2.10
nullsoft/winamp 2.91
nullsoft/winamp 2.92
... and 40 more
Published Dec 02, 2010
Tracked Since Feb 18, 2026