|
|
>> Winamp Ultravox Streaming Metadata Parsing Buffer Overflow Issues
|
Title : Winamp Ultravox Streaming Metadata Parsing Buffer Overflow Issues
VUPEN ID : VUPEN/ADV-2008-0183
CVE ID : CVE-2008-0065
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-01-18
|
Multiple vulnerabilities have been identified in Winamp, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. These issues are caused by buffer overflow errors in "in_mp3.dll" when constructing stream titles while parsing Ultravox streaming metadata, which could be exploited by remote attackers to execute arbitrary code via overly long "<artist>" and "<name>" tag values in the <metadata> section.
An integer overflow has also been reported in the "gen_ff.dll" library when parsing a specially crafted ".maki" file, which could be exploited by attackers to execute arbitrary code by tricking a user into loading a malicious skin.
Affected Products
Winamp version 5.51 and prior
Solution
Upgrade to Winamp version 5.52 :
http://www.winamp.com/player
References
http://www.vupen.com/english/advisories/2008/0183
http://secunia.com/secunia_research/2008-2/advisory
http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html
Credits
Vulnerabilities reported by Carsten Eiram (Secunia Research) and Monica Sojeong Hong.
ChangeLog
2008-01-18 : Initial release
2009-05-25 : Updated Description
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
