CVE-2002-2392
First published: Tue Dec 31 2002(Updated: )
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NullSoft Winamp | =2.72 | |
| NullSoft Winamp | =2.73 | |
| NullSoft Winamp | =2.75 | |
| NullSoft Winamp | =2.65 | |
| NullSoft Winamp | =3.1 | |
| NullSoft Winamp | =2.76 | |
| NullSoft Winamp | =2.80 | |
| NullSoft Winamp | =2.74 | |
| NullSoft Winamp | =2.71 | |
| NullSoft Winamp | =2.78 | |
| NullSoft Winamp | =2.77 | |
| NullSoft Winamp | =2.70 | |
| NullSoft Winamp | =2.79 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- vendor/nullsoft
- canonical/nullsoft winamp
- version/nullsoft winamp/2.72
- version/nullsoft winamp/2.73
- version/nullsoft winamp/2.75
- version/nullsoft winamp/2.65
- version/nullsoft winamp/3.1
- version/nullsoft winamp/2.76
- version/nullsoft winamp/2.80
- version/nullsoft winamp/2.74
- version/nullsoft winamp/2.71
- version/nullsoft winamp/2.78
- version/nullsoft winamp/2.77
- version/nullsoft winamp/2.70
- version/nullsoft winamp/2.79