Buffer Overflow Vulnerability in Winamp Audio Player
CVE-2009-0263

Currently unrated

Key Information:

Vendor

Nullsoft

Status
Winamp
Vendor
CVE Published:
23 January 2009

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 17%

What is CVE-2009-0263?

Winamp, a popular audio player, is susceptible to multiple buffer overflow vulnerabilities in version 5.541 and earlier. These vulnerabilities can be exploited by remote attackers through specially crafted AIFF and MP3 files. An attacker can modify a Common Chunk (COMM) header value in an AIFF file or introduce a large invalid value in an MP3 file, potentially leading to a denial of service condition or arbitrary code execution on the impacted system.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-0263 - Proof of Concept

References

https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
http://www.vupen.com/english/advisories/2009/0113
vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/33226
vdb-entryx_refsource_BID

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.