CVE Details for CVE: CVE-2004-1396
Summary
Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.
| Timestamps | |
|---|---|
| Last major update | 11-07-2017 - 01:30 |
| Published | 31-12-2004 - 05:00 |
| Last modified | 11-07-2017 - 01:30 |
References
- http://forums.winamp.com/showthread.php?s=&threadid=202007
- http://www.kb.cert.org/vuls/id/372968
- http://www.securityfocus.com/bid/11909
- http://securitytracker.com/alerts/2004/Dec/1012525.html
- http://marc.info/?l=bugtraq&m=110297310503541&w=2
- http://marc.info/?l=full-disclosure&m=110303988101973&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18467
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18466
CWE
CVSS
Base
2.6
Impact
2.9
Exploitability
4.9
Access
| Vector | Complexity | Authentication |
|---|---|---|
| NETWORK | HIGH | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| NONE | NONE | PARTIAL |
CVSS3
None
VIA4 references
cvss-vector
via4
refmap
via4
| bid | 11909 |
| bugtraq | 20041213 Winamp 5.07 (latest version) Remote Crash + other stupid shizle |
| cert-vn | VU#372968 |
| confirm | http://forums.winamp.com/showthread.php?s=&threadid=202007 |
| fulldisc | 20041213 Winamp 5.07 (latest version) Remote Crash + other |
| sectrack | 1012525 |
| xf |