Cross-Zone Scripting Vulnerability in NullSoft Winamp Music Player
CVE-2008-3567

Currently unrated

Key Information:

Vendor

Nullsoft

Status
Winamp
Vendor
CVE Published:
10 August 2008

What is CVE-2008-3567?

A cross-zone scripting vulnerability exists in the NowPlaying functionality of NullSoft Winamp prior to version 5.541. Remote attackers can exploit this flaw to perform cross-site scripting (XSS) attacks by embedding malicious JavaScript within MP3 file id3 tags. This allows for unauthorized actions within the context of the user's session, significantly compromising the security of the user's environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/44207
vdb-entryx_refsource_XF
http://forums.winamp.com/showthread.php?threadid=295505
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.