CVE-2013-4694

Winamp <5.64 Build 3418 - Buffer Overflow


Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-4694. PoCs published by Ayman Sagy, Julien Ahrens.

AI-analyzed exploit summary: This exploit generates a malicious winamp.ini file that triggers a buffer overflow in Winamp 5.63, leading to arbitrary code execution via a venetian shellcode technique and egghunter. It supports payloads for adding an admin user or launching calc.exe.

Description

Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Ayman Sagy · python · local · windows
https://www.exploit-db.com/exploits/27874

This exploit generates a malicious winamp.ini file that triggers a buffer overflow in Winamp 5.63, leading to arbitrary code execution via a venetian shellcode technique and egghunter. It supports payloads for adding an admin user or launching calc.exe.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Winamp 5.63
No auth needed
Prerequisites: Winamp 5.63 installed on Windows XP SP3 · Ability to place malicious winamp.ini in the target's AppData directory
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Julien Ahrens · text · dos · windows
https://www.exploit-db.com/exploits/26558

This is a detailed security advisory describing two stack-based buffer overflow vulnerabilities in WinAmp v5.63, including proof-of-concept debug information but no executable exploit code.

Classification: Writeup 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: WinAmp v5.63
No auth needed
Prerequisites: Victim must download and apply a malicious skin package or have a malicious winamp.ini file placed in %APPDATA%\WinAmp\
devstral-2 · analyzed Feb 16, 2026

References (11)

Core References
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Jul/4
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/26558
Patch, Vendor Advisory x_refsource_confirm
http://forums.winamp.com/showthread.php?t=364291
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/94739
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/85399
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/94740
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030107
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/60883

Scores

EPSS 0.1721
EPSS Percentile 96.7%

Details

CWE: CWE-119
Status: published
Products (47)
nullsoft/winamp 0.20a
nullsoft/winamp 0.92
nullsoft/winamp 1.006
nullsoft/winamp 1.90
nullsoft/winamp 2.0
nullsoft/winamp 2.6
nullsoft/winamp 2.9
nullsoft/winamp 2.10
nullsoft/winamp 2.91
nullsoft/winamp 2.92
... and 37 more
Published Apr 16, 2014
Tracked Since Feb 18, 2026