| Name | Winamp.Ultravox.Metadata.Parsing.Buffer.Overflow |
| Release Date | Jan 29, 2008 |
| Severity | Critical |
| Impact | System Compromise: remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attempt to exploit a buffer overflow vulnerability in
Winamp versions before 5.52.
Winamp contains a vulnerability that can be exploited to cause a stack based buffer overflow via overly long "" and "" tag values. The problem is in "in_mp3.dll", and occurs when constructing stream titles while parsing Ultravox streaming metadata. |
| Affected Products | Winamp 5.21, 5.22, 5.23, 5.5, and 5.51. |
| Recommended Actions | Update to version 5.52, available from the web site.
http://www.winamp.com/player |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0065
|
| Reference/s | http://www.securityfocus.com/bid/27344 (BugTraq)
http://www.vupen.com/english/advisories/2008/0183 (FrSIRT)
|