CVE-2002-2392

Published Dec 31, 2002

Last updated 16 years ago

Overview

Description: Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D708182-E39F-44E4-9C67-52A85ACBA43C"
          },
          {
            "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "053A71B1-EF83-4750-ACCD-7ABEFF593BEE"
          },
          {
            "criteria": "cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C5286A1-C8ED-4783-9278-D30D9B1C588A"
          },
          {
            "criteria": "cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3513F3C2-CDD6-461C-985E-E06151AEA804"
          },
          {
            "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC6CB5C4-0FEC-4F85-B874-E06229265457"
          },
          {
            "criteria": "cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD6E478F-D058-482B-B027-605B7A769900"
          },
          {
            "criteria": "cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9D8698A-B1AE-4041-9055-B6690F671E42"
          },
          {
            "criteria": "cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2CC66AF-0CB8-4E15-98A3-4704CB2AD78E"
          },
          {
            "criteria": "cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E36F70C-F578-425E-A97F-1BD196F7F08B"
          },
          {
            "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C"
          },
          {
            "criteria": "cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BAC79237-791C-4830-BC81-D534FA537D53"
          },
          {
            "criteria": "cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1AFA764-16B4-4E5E-8F9C-46098E758CC7"
          },
          {
            "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References