Unrated severityNVD Advisory· Published Sep 17, 2003· Updated Apr 16, 2026

CVE-2003-0765

Description

The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.

Affected products

Nullsoft/Winamp4 versions
cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000