CVE-2013-4695

HIGH

Winamp 5.63 - Arbitrary Code Execution via Invalid Pointer Dereference

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4695. PoCs published by Julien Ahrens.

AI-analyzed exploit summary The advisory describes an invalid pointer dereference vulnerability in WinAmp v5.63, where improper validation of strings in the links.xml file can lead to code execution or DoS. The PoC includes debug register and stack traces but lacks executable exploit code.

Description

Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution

Exploits (1)

exploitdb WRITEUP

by Julien Ahrens · textdoswindows

https://www.exploit-db.com/exploits/26557

View Code ZIP pw:eip

The advisory describes an invalid pointer dereference vulnerability in WinAmp v5.63, where improper validation of strings in the links.xml file can lead to code execution or DoS. The PoC includes debug register and stack traces but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: WinAmp v5.63

No auth needed

Prerequisites: Victim must place a malicious links.xml file in %APPDATA%\WinAmp\

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://www.exploit-db.com/exploits/26557

Third Party Advisory, VDB Entry x_refsource_misc

http://www.securitytracker.com/id/1030107

Scores

CVSS v3 7.8

EPSS 0.0528

EPSS Percentile 91.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-763

Status published

Products (1)

winamp/winamp 5.63

Published Dec 27, 2019

Tracked Since Feb 18, 2026