Winamp 5.12 - ZERO Day Exploit for unpatched vulnerability
Please be careful if you use WinAmp as a media player on your system. A new exploit has surfaced for an unpatched vulnerability that is rated as a critical risk by security firms. The vendor will most likely patch this soon and the patch should be applied expediently.
Winamp Computer Name Handling Buffer Overflow Vulnerability
DESCRIPTION: The vulnerability is caused due to a boundary error during the handling of filenames including a computer name. This can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name (about 1040 bytes). Successful exploitation allows execution of arbitrary code on a user's system when e.g. a malicious website is visited. The vulnerability has been confirmed in version 5.12. Other versions may also be affected.
Nullsoft Winamp Player PLS Handling Remote Buffer Overflow Vulnerability
Advisory ID : FrSIRT/ADV-2006-0361
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-01-29
Technical Description: A vulnerability has been identified in Winamp, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a buffer overflow error when processing a specially crafted playlist (".pls" file) containing a malformed "File1" tag, which could be exploited by remote attackers to execute arbitrary commands and take complete control of an affected system without any user-interaction via a specially crafted web page.
Exploits: An exploit is publicly available.
Affected Products: Nullsoft Winamp version 5.12 and prior
Solution: The FrSIRT is not aware of any official supplied patch for this issue.
Recommendation: Use Winamp for offline media only or access only highly trusted sites until a patch is issued. It is likely that Nullsoft will quickly supply a patch, but until then use Winamp cautiously.