Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
Alert

Winamp Playlist Buffer Overflow

Last Revised
Alert Code
TA06-032A

Systems Affected

Microsoft Windows systems with Winamp 5.13 or earlier

Overview

America Online has released Winamp 5.2 to correct a buffer overflow vulnerability. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code with the privileges of the user.

Description

Winamp is a media player that is commonly used to play MP3 files. Winamp 5.2 resolves a buffer overflow vulnerability in how playlist files are handled. Details are available in the following Vulnerability Note:

VU#604745 - Winamp fails to properly handle playlists with long computer names

Winamp contains a buffer overflow vulnerability when processing a playlist that specifies a long computer name. This may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system.

Impact

By convincing a user to open a specially crafted playlist file, a remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the user. Winamp may open a playlist file without any user interaction as the result of viewing a web page or other HTML document.

Solution

Upgrade

Upgrade to Winamp 5.2.

Appendix A. References


Feedback can be directed to the US-CERT Technical Staff

Produced by US-CERT, a government organization. Terms of use

Revision History

  • February 1, 2006: Initial release

    February 23, 2006: Changed Winamp version to 5.2

    Last updated

This product is provided subject to this Notification and this Privacy & Use policy.