Cross-Zone Scripting Vulnerability in NullSoft Winamp Music Player
CVE-2008-3567

Currently unrated

Key Information:

Vendor: Nullsoft
Status: Winamp
Vendor: CVE Published:; 10 August 2008

What is CVE-2008-3567?

A cross-zone scripting vulnerability exists in the NowPlaying functionality of NullSoft Winamp prior to version 5.541. Remote attackers can exploit this flaw to perform cross-site scripting (XSS) attacks by embedding malicious JavaScript within MP3 file id3 tags. This allows for unauthorized actions within the context of the user's session, significantly compromising the security of the user's environment.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://exchange.xforce.ibmcloud.com/vulnerabilities/44207

vdb-entryx_refsource_XF

http://forums.winamp.com/showthread.php?threadid=295505

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2008
Vulnerability Reserved
Aug 10, 2008

Nullsoft

What is CVE-2008-3567?

References

Timeline