CVE-2008-3567 Information

Description

Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.

Reference

http://blog.watchfire.com/wfblog/2008/09/winamp-nowplayi.html http://forums.winamp.com/showthread.php?threadid=295505 http://secunia.com/advisories/31371 http://www.securityfocus.com/bid/30539 https://exchange.xforce.ibmcloud.com/vulnerabilities/44207 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A15716