Winamp Playlist Buffer Overflow
Systems Affected
Microsoft Windows systems with Winamp 5.13 or earlier
Overview
America Online has released Winamp 5.2 to correct a buffer overflow vulnerability. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code with the privileges of the user.
Description
Winamp is a media player that is commonly used to play MP3 files. Winamp 5.2 resolves a buffer overflow vulnerability in how playlist files are handled. Details are available in the following Vulnerability Note:
VU#604745 - Winamp fails to properly handle playlists with long computer names
Winamp contains a buffer overflow vulnerability when processing a playlist that specifies a long computer name. This may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system.
Impact
By convincing a user to open a specially crafted playlist file, a remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the user. Winamp may open a playlist file without any user interaction as the result of viewing a web page or other HTML document.
Solution
Upgrade
Upgrade to Winamp 5.2.
Appendix A. References
- US-CERT Vulnerability Note VU#604745 - http://www.kb.cert.org/vuls/id/604745
- CVE-2006-0476 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0476
- National Vulnerability Database (CVE-2006-0476) - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0476
- WINAMP.COM | Player | Version History - http://www.winamp.com/player/version_history.php
- WINAMP.COM | Player - http://www.winamp.com/player
Feedback can be directed to the US-CERT Technical Staff
Produced by US-CERT, a government organization. Terms of use
Revision History
-
February 1, 2006: Initial release
February 23, 2006: Changed Winamp version to 5.2Last updated
This product is provided subject to this Notification and this Privacy & Use policy.