1. CVE-Search
  2. CVE-2004-0820
ID CVE-2004-0820
Summary Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.
References
Vulnerable Configurations
  • cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*
  • cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*
    cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
auscert ESB-2004.0537
misc http://www.frsirt.com/exploits/08252004.skinhead.php
secunia 12381
xf winamp-wsz-execute-code(17124)
Last major update 11-07-2017 - 01:30
Published 28-08-2004 - 04:00
Last modified 11-07-2017 - 01:30
Back to Top