Lucene search
HistoryOct 03, 2022 - 4:23 p.m.
CVE-2002-2392
cve-2002-2392
winamp
skin files
arbitrary code execution
url reference
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
8 High
AI Score
Confidence
Low
0.009 Low
EPSS
Percentile
82.9%
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
Affected configurations
Node
nullsoftwinampMatch2.65
ORnullsoftwinampMatch2.70
ORnullsoftwinampMatch2.71
ORnullsoftwinampMatch2.72
ORnullsoftwinampMatch2.73
ORnullsoftwinampMatch2.74
ORnullsoftwinampMatch2.75
ORnullsoftwinampMatch2.76
ORnullsoftwinampMatch2.77
ORnullsoftwinampMatch2.78
ORnullsoftwinampMatch2.79
ORnullsoftwinampMatch2.80
ORnullsoftwinampMatch3.1
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
8 High
AI Score
Confidence
Low
0.009 Low
EPSS
Percentile
82.9%
Related for CVE-2002-2392