
Note: This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Alert (TA06-032A)

Winamp Playlist Buffer Overflow

Original release date: February 01, 2006 | Last revised: February 23, 2006

Systems Affected

Microsoft Windows systems with Winamp 5.13 or earlier

Overview

America Online has released Winamp 5.2 to correct a buffer overflow vulnerability. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code with the privileges of the user.

Description

Winamp is a media player that is commonly used to play MP3 files. Winamp 5.2 resolves a buffer overflow vulnerability in how playlist files are handled. Details are available in the following Vulnerability Note:

VU#604745 - Winamp fails to properly handle playlists with long computer names

Winamp contains a buffer overflow vulnerability when processing a playlist that specifies a long computer name. This may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system.
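
A defensive check for the condition described above, as an added example that is not part of the US-CERT alert or of Winamp: it scans playlist text for entries whose computer name is unusually long. It assumes the computer name is the host part of a UNC location (`\\host\share\...`) in a `.pls` `FileN=` entry or an `.m3u` line, and that 255 characters is a reasonable upper bound; the alert specifies neither, and the function names are hypothetical.

```python
import re

# Assumption: longest computer name treated as legitimate. DNS caps a full
# host name at 255 bytes; NetBIOS names are far shorter (15 characters).
MAX_HOST_LEN = 255

# UNC location: two slashes or backslashes, then the computer name.
UNC_HOST = re.compile(r"^[\\/]{2}([^\\/]*)")
# .pls entries look like "File1=<location>"; an .m3u line is the location itself.
PLS_ENTRY = re.compile(r"^File\d+=(.*)$", re.IGNORECASE)
# Other .pls keys (Title1=, Length1=, NumberOfEntries=, Version=) carry no location.
PLS_OTHER_KEY = re.compile(r"^[A-Za-z]+\d*=")


def entry_location(line):
    """Return the media location on a playlist line, or None if it has none."""
    line = line.strip()
    if not line or line.startswith("#") or line.startswith("["):
        return None  # blank line, .m3u comment/directive, or .pls section header
    match = PLS_ENTRY.match(line)
    if match:
        return match.group(1).strip()
    if PLS_OTHER_KEY.match(line):
        return None
    return line


def long_computer_names(text, limit=MAX_HOST_LEN):
    """Return (line_number, name_length) for entries whose UNC host exceeds limit."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        location = entry_location(line)
        if location is None:
            continue
        match = UNC_HOST.match(location)
        if match and len(match.group(1)) > limit:
            findings.append((number, len(match.group(1))))
    return findings


# Constructed sample playlists (not taken from the alert).
BENIGN_PLS = "[playlist]\nNumberOfEntries=1\nFile1=\\\\mediabox\\music\\track01.mp3\nTitle1=Track 1\n"
SUSPECT_PLS = "[playlist]\nNumberOfEntries=1\nFile1=\\\\" + "h" * 400 + "\\share\\a.mp3\n"
SUSPECT_M3U = "#EXTM3U\n//" + "h" * 300 + "/share/a.mp3\n"

if __name__ == "__main__":
    for name, text in [("benign.pls", BENIGN_PLS), ("suspect.pls", SUSPECT_PLS), ("suspect.m3u", SUSPECT_M3U)]:
        print(name, long_computer_names(text))
```

A check like this suits mail or web gateways and file shares where playlists arrive from untrusted sources; it complements the upgrade to Winamp 5.2 and does not replace it.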

Impact

By convincing a user to open a specially crafted playlist file, a remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the user. Winamp may open a playlist file without any user interaction as the result of viewing a web page or other HTML document.

Solution

Upgrade

Upgrade to Winamp 5.2.

Produced by US-CERT, a government organization.

Revision History

  • February 1, 2006: Initial release
  • February 23, 2006: Changed Winamp version to 5.2
