Playlist.Buffer.Overflow

Last Updated Date	May 13, 2008
Release Date	Feb 14, 2006
Severity	High
Impact	System Compromise: Remote attackers can gain control of vulnerable systems.
Description	This indicates an exploit attempt against buffer overflow vulnerability in Nullsoft Winamp 5.094. The vulnerability allows remote attackers to execute arbitrary code via an "m3u" file containing a long line ending in ".wma", or a "pls" file containing a long "File1" value ending in ".wma". An attacker may gain unauthorized access to a computer with the privileges of the user that activated the vulnerable application by exploiting this issue.
Affected Products	Nullsoft Winamp 5.094
Recommended Actions	Upgrade to version Winamp 5.13 or later.
Common Vulnerabilities and Exposures (CVE)	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0043 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-3188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0476
Reference/s	http://www.securityfocus.com/bid/12238 (BugTraq) http://www.securityfocus.com/bid/16462 (BugTraq) http://www.securityfocus.com/bid/34165 (BugTraq)

Reference: VID-11707