CVE-2002-2392
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/12/2002
Last modified:
03/04/2025
Description
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
Impact
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:* | ||
cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:* | ||
cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:* | ||
cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:* | ||
cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:* | ||
cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:* | ||
cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:* | ||
cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:* | ||
cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:* | ||
cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:* | ||
cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:* | ||
cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:* | ||
cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page