Winamp m3u/pls .wma Parsing Overflow

2006-02-01T22:50:58
ID OSVDB:22975
Type osvdb
Reporter b0f()
Modified 2006-02-01T22:50:58

Description

Vulnerability Description

A remote overflow exists in WinAmp. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted '.m3u' and/or '.pls' file and an ending filename having the '*.wma' extension, a remote attacker can cause arbitrary code execution or the application to crash resulting in a loss of integrity and/or availability.

Solution Description

Upgrade to version 5.13 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in WinAmp. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted '.m3u' and/or '.pls' file and an ending filename having the '*.wma' extension, a remote attacker can cause arbitrary code execution or the application to crash resulting in a loss of integrity and/or availability.

References:

Vendor URL: http://winamp.com/player/ Security Tracker: 1015565 Security Tracker: 1015621 Related OSVDB ID: 30142 Other Advisory URL: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=378 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/1000.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0348.html ISS X-Force ID: 24417 FrSIRT Advisory: ADV-2006-0613 CVE-2005-3188 Bugtraq ID: 16462