Unrated severityNVD Advisory· Published Feb 15, 2006· Updated Jun 16, 2026
CVE-2006-0708
CVE-2006-0708
Description
Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.
Affected products
19cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*
- (no CPE)range: <=5.13
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- securitytracker.com/idnvdExploit
- forums.winamp.com/showthread.phpnvd
- securityreason.com/securityalert/444nvd
- securityreason.com/securityalert/492nvd
- www.securityfocus.com/archive/1/424903/100/0/threadednvd
- www.securityfocus.com/bid/16623nvd
- www.vupen.com/english/advisories/2006/0613nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/24739nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/24740nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/24741nvd
News mentions
0No linked articles in our index yet.