CVE-2008-3567

Name of the Vulnerable Software and Affected Versions NullSoft Winamp versions prior to 5.541

Description The issue concerns a cross-zone scripting vulnerability in the NowPlaying functionality. This allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags. The impact and attack vectors of an unspecified vulnerability in the same functionality are unknown.

Recommendations For versions prior to 5.541, update to version 5.541 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the NowPlaying functionality with MP3 files containing JavaScript in id3 tags until the update is applied.