CVE-2017-16951

MEDIUM

Winamp Pro 5.66 Build 3512 - Denial of Service via Crafted Audio File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-16951. PoCs published by R.Yavari.

AI-analyzed exploit summary This exploit generates a malformed .wav file that triggers a denial of service (DoS) in Winamp Pro v5.66.Build.3512 when opened. The crafted file contains invalid RIFF/WAV headers and data, causing the application to crash.

Description

Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file.

Exploits (1)

exploitdb WORKING POC

by R.Yavari · perldoswindows

https://www.exploit-db.com/exploits/43186

View Code ZIP pw:eip

This exploit generates a malformed .wav file that triggers a denial of service (DoS) in Winamp Pro v5.66.Build.3512 when opened. The crafted file contains invalid RIFF/WAV headers and data, causing the application to crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Winamp Pro v5.66.Build.3512

No auth needed

Prerequisites: Victim must open the malformed .wav file in Winamp Pro

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/43186/

Scores

CVSS v3 5.5

EPSS 0.0151

EPSS Percentile 81.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-20

Status published

Products (1)

audiovalley/winamp_pro 5.66

Published Nov 28, 2017

Tracked Since Feb 18, 2026