Secunia Advisory: SA22580
Release Date: 2006-10-25
Critical: Highly critical
Solution Status: Vendor Patch
Description:
Two vulnerabilities have been reported in Winamp, which can be exploited by malicious people to compromise a user's system.
1) An error in the Ultravox protocol handler during processing of the "ultravox-max-msg" header can be exploited to cause a heap-based buffer overflow via either a specially crafted playlist or a "shout:" or "uvox:" URI.
2) An error during the parsing of certain Lyrics3 tags can be exploited to cause a heap-based buffer overflow via either a specially crafted playlist or a "shout:" or "uvox:" URI.
The vulnerabilities are reported in versions 2.666 through 5.3.
Solution:
Update to version 5.31. http://www.winamp.com/player/
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Winamp Buffer Overflow Vulnerability Warning