Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Winamp 5.12 - ZERO Day Exploit for unpatched vulnerability

Please be careful if you use Winamp as a media player on your system. A new exploit has surfaced for an unpatched vulnerability that security firms rate as a critical risk. The vendor will most likely patch this soon, and the patch should be applied promptly.

Winamp Computer Name Handling Buffer Overflow Vulnerability
http://secunia.com/advisories/18649/

DESCRIPTION: The vulnerability is caused due to a boundary error during the handling of filenames including a computer name. This can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name (about 1040 bytes).  Successful exploitation allows execution of arbitrary code on a user's system when e.g. a malicious website is visited. The vulnerability has been confirmed in version 5.12. Other versions may also be affected.


Nullsoft Winamp Player PLS Handling Remote Buffer Overflow Vulnerability
http://www.frsirt.com/english/advisories/2006/0361

Advisory ID : FrSIRT/ADV-2006-0361
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-01-29

Technical Description: A vulnerability has been identified in Winamp, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a buffer overflow error when processing a specially crafted playlist (".pls" file) containing a malformed "File1" tag, which could be exploited by remote attackers to execute arbitrary commands and take complete control of an affected system without any user-interaction via a specially crafted web page.

Exploits: An exploit is publicly available. 

Affected Products: Nullsoft Winamp version 5.12 and prior

Solution: The FrSIRT is not aware of any official supplied patch for this issue.

Recommendation: Use Winamp for offline media only or access only highly trusted sites until a patch is issued.  It is likely that Nullsoft will quickly supply a patch, but until then use Winamp cautiously.
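
A defensive check based on the descriptions above, added here as an example (not code from Secunia, FrSIRT or Nullsoft): it scans a .pls playlist for "FileN" entries whose leading computer name is implausibly long, so such files can be flagged before a player opens them. The 255-byte limit, the function name and the sample playlists are assumptions made for this example.

```python
import re

# Assumption: no legitimate host name exceeds 255 bytes (the DNS name limit);
# the advisory describes the overflow at about 1040 bytes.
MAX_HOST_BYTES = 255

# PLS entries look like "File1=<path or URL>"; keys are matched case-insensitively.
_FILE_ENTRY = re.compile(rb"^\s*(File\d+)\s*=\s*(.*?)\s*$", re.IGNORECASE)


def suspicious_entries(pls_bytes, max_host=MAX_HOST_BYTES):
    """Return (line_no, key, host_len) for each FileN entry whose UNC
    computer-name component is longer than max_host bytes."""
    findings = []
    for line_no, line in enumerate(pls_bytes.splitlines(), start=1):
        m = _FILE_ENTRY.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        # Only paths that start with a computer name (\\host\share\...) matter
        # here; //host/... is also checked as a conservative assumption.
        if not (value.startswith(b"\\\\") or value.startswith(b"//")):
            continue
        # The host runs up to the next separator, or to end of line if none.
        host = re.split(rb"[\\/]", value[2:], maxsplit=1)[0]
        if len(host) > max_host:
            findings.append((line_no, key.decode("ascii"), len(host)))
    return findings


# Constructed sample playlists (filler bytes only, not taken from any exploit).
BENIGN = (b"[playlist]\r\nNumberOfEntries=2\r\n"
          b"File1=\\\\mediaserver\\music\\track01.mp3\r\n"
          b"File2=http://radio.example/stream\r\n")
OVERSIZED = (b"[playlist]\r\nNumberOfEntries=1\r\n"
             b"File1=\\\\" + b"A" * 1040 + b"\\share\\x.mp3\r\n")

if __name__ == "__main__":
    for name, data in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(name, suspicious_entries(data))
```

The same length test can run in a mail or web gateway that inspects .pls attachments and downloads; lowering max_host toward the 15-character NetBIOS limit trades more false positives for a tighter filter.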

Comments

Microsoft Most Valuable Professional said:

Nullsoft has expediently released version 5.13 to address this ZERO DAY attack. ISC Information: http://www.incidents.org/diary.php?storyid=1080 Download...
# January 30, 2006 7:56 PM