Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Winamp | Nullsoft | 5.05 | 5.05 |
| Winamp | Nullsoft | 5.02 | 5.02 |
| Winamp | Nullsoft | 5.01 | 5.01 |
| Winamp | Nullsoft | 5.04 | 5.04 |
| Winamp | Nullsoft | 5.06 | 5.06 |
| Winamp | Nullsoft | 5.07 | 5.07 |
| Winamp | Nullsoft | 5.03 | 5.03 |
| Winamp | Nullsoft | 5.0 | 5.0 |
| Winamp | Nullsoft | 5.08c | 5.08c |