Winamp Ultravox streaming metadata artist tag buffer overflow

Added: 02/04/2008 CVE: CVE-2008-0065 BID: 27344 OSVDB: 41707 Background Winamp is a media player for Windows. Problem A buffer overflow vulnerability in the inmp3.dll library when parsing Ultravox streaming metadata allows command execution when a user opens a stream containing a long, specially...

CVE-2008-0065

CVE-2008-0065 describes a stack-based buffer overflow in Winamp’s Ultravox streaming metadata handling (in_mp3.dll) that could allow remote code execution when processing a long or tag. Affected Winamp versions include 5.21, 5.5, and 5.51 (with advisories noting exploitation up to ~5.24 and fix...

Winamp Ultravox流元数据多个栈溢出漏洞

BUGTRAQ ID: 27344 CVECAN ID: CVE-2008-0065 Winamp是一款流行的媒体播放器，支持多种文件格式。 Winamp在处理畸形格式的数据时存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞控制用户系统。 Winamp的inmp3.dll库在解析Ultravox流元数据时没有正确地创建流标题。如果metadata部分设置了超长的artist和name标签值的话，就可能触发栈溢出，导致执行任意指令。 Nullsoft Winamp 5.51 Nullsoft Winamp 5.5 Nullsoft Winamp 5.21 Nullsoft --------...

Winamp < 5.52 Ultravox Streaming Metadata in_mp3.dll Multiple Tag Overflow

The remote host is using Winamp, a popular media player for Windows. The version of Winamp installed on the remote Windows host reportedly contains two stack-based buffer overflows in 'inmp3.dll' when parsing Ultravox streaming metadata that can be triggered by overly-long '' and '' tag values. I...