CVE-2004-1396

Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:N/I:N/A:P

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://forums.winamp.com/showthread.php?s=&threadid=202007	Exploit
http://www.kb.cert.org/vuls/id/372968	US Government Resource
http://www.securityfocus.com/bid/11909
http://securitytracker.com/alerts/2004/Dec/1012525.html
http://marc.info/?l=bugtraq&m=110297310503541&w=2
http://marc.info/?l=full-disclosure&m=110303988101973&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/18467
https://exchange.xforce.ibmcloud.com/vulnerabilities/18466

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*

Information

Published : 2004-12-30 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-1396

Mitre link : CVE-2004-1396

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

nullsoft

winamp

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://forums.winamp.com/showthread.php?s=&threadid=202007", "name": "http://forums.winamp.com/showthread.php?s=&threadid=202007", "tags": ["Exploit"], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/372968", "name": "VU#372968", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/11909", "name": "11909", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/alerts/2004/Dec/1012525.html", "name": "1012525", "tags": [], "refsource": "SECTRACK"}, {"url": "http://marc.info/?l=bugtraq&m=110297310503541&w=2", "name": "20041213 Winamp 5.07 (latest version) Remote Crash + other stupid shizle", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=full-disclosure&m=110303988101973&w=2", "name": "20041213 Winamp 5.07 (latest version) Remote Crash + other", "tags": [], "refsource": "FULLDISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18467", "name": "winamp-nsa-nsv-dos(18467)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18466", "name": "winamp-mp4-m4a-dos(18466)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1396", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:30Z"}