Winamp skin file MAKI script buffer overflow

2009-03-10T00:00:00
ID SAINT:FE08FFFE51F0E9BB0C9B6CA145EA7349
Type saint
Reporter SAINT Corporation
Modified 2009-03-10T00:00:00

Description

Added: 03/10/2009
BID: 34009

Background

Winamp is a media player for Windows.

Problem

A buffer overflow in Winamp allows command execution when a user opens a skin file containing a compiled MAKI script with a specially crafted string having an incorrect length field.

Resolution

Upgrade to Winamp version 5.55 or higher.

References

<http://milw0rm.com/exploits/8158>

Limitations

Exploit works on Winamp 5.541.

Execution of this exploit requires the Digest::CRC PERL module. On Linux systems this is typically found in a package named such as libdigest-crc-perl or perl-Digest-CRC.

Platforms

Windows