Vulnerability Details : CVE-2002-2195
Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response.
Vulnerability category: OverflowExecute code
Products affected by CVE-2002-2195
- cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2002-2195
2.65%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2002-2195
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2002-2195
-
http://www.iss.net/security_center/static/9488.php
Exploit
-
http://www.securityfocus.com/bid/5170
Exploit;Patch
Jump to