Advisories » Winamp Ultravox Streaming Metadata Parsing Remote Buffer Overflow Vulnerabilities
| Release Date: | 18/01/2008 | Severity: | Highly Critical  |
| SecWatch Advisory: | SWID1020113 | Cause: | Boundary error |
| Solution Status: | Vendor Patch | Impact: | Execution of arbitrary code |
| Exploit Status: | None Available | Access Vector: | From remote |
| Affected Software: | Winamp 5.x | ||
| Original Advisory: | http://secunia.com/secunia_research/2008-2/ |
||
| References: | FrSIRT/ADV-2008-0183 |
||
| CVE: | CVE-2008-0065 | ||
| Secunia: | SA27865 | ||
| Bugtraq ID: | BID#27344 | ||
Description:
Multiple vulnerabilities in Winamp have been reported, which can be exploited by remote users to compromise a user's system.
Boundary errors exist when parsing Ultravox streaming metadata containing overly long "<artist>" and "<name>" tag values in the <metadata> section within in_mp3.dll, which can be exploited to cause stack-based buffer overflows and execute arbitrary code.
Affected:
Winamp versions 5.21, 5.5 and 5.51. Other versions may also be affected.
Solution:
The vulnerability has been fixed in version 5.52, available:
http://www.winamp.com/player
Credits:
Free Vulnerability Notification Service
Receive free instant and customisable notifications of new vulnerabilities or exploits via e-mail, web or RSS feeds. Click here for more information.
Related Vulnerabilities and Exploits
30 Jan 06: Winamp 5.12 (Crafted PLS) Remote Buffer Overflow Expl.. (winamp0day.c)
12 Oct 07: Winamp FLAC Media File Processing Remote Integer Overflow Vulnera..
01 May 07: Winamp MP4 File Handling Memory Corruption Vulnerability
30 Apr 07: Winamp <= 5.34 MP4 File Handling Remote Memory Co.. (Winamp_MP4_BoF.c)
07 Mar 07: Winamp <= 5.12 (Crafted PLS) Remote Buffer .. (winamp_playlist_unc.pl)