Alias(es)Nullsoft.Winamp.m3u.Buffer.Overflow, Nullsoft.Winamp.pls.Buffer.Overflow |
Release DateFeb 14, 2006 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an exploit attempt against buffer overflow vulnerability in Nullsoft Winamp 5.094.The vulnerability allows remote attackers to execute arbitrary code via an "m3u" file containing a long line ending in ".wma", or a "pls" file containing a long "File1" value ending in ".wma". An attacker may gain unauthorized access to a computer with the privileges of the user that activated the vulnerable application by exploiting this issue. |
Affected ProductsNullsoft Winamp 5.094 |
Recommended ActionsUpgrade to version Winamp 5.13 or later. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-5709CVE-2009-2362 CVE-2009-2817 CVE-2005-3188 CVE-2005-0043 CVE-2006-0476 CVE-2007-4803 |
Reference/shttp://www.securityfocus.com/bid/33420 (BugTraq)http://www.securityfocus.com/bid/30252 (BugTraq) http://www.securityfocus.com/bid/43535 (BugTraq) http://www.securityfocus.com/bid/34165 (BugTraq) http://www.securityfocus.com/bid/12238 (BugTraq) http://www.securityfocus.com/bid/16462 (BugTraq) http://www.securityfocus.com/bid/25546 (BugTraq) |
