Winamp Ultravox streaming metadata artist tag buffer overflow

2008-02-04T00:00:00
ID SAINT:851664FB8EBE47E57F665799E4455AC8
Type saint
Reporter SAINT Corporation
Modified 2008-02-04T00:00:00

Description

Added: 02/04/2008
CVE: CVE-2008-0065
BID: 27344
OSVDB: 41707

Background

Winamp is a media player for Windows.

Problem

A buffer overflow vulnerability in the **in_mp3.dll** library when parsing Ultravox streaming metadata allows command execution when a user opens a stream containing a long, specially crafted **<artist>** tag value.

Resolution

Upgrade to Winamp 5.52 or higher.

References

<http://secunia.com/secunia_research/2008-2/advisory/>

Limitations

Exploit works on Winamp 5.21 and requires a user to open the exploit stream in Winamp.

Platforms

Windows