DoctorDoom
01-30-2006, 06:00 PM
Winamp Computer Name Handling Buffer Overflow Vulnerability
Secunia Advisory: SA18649
Release Date: 2006-01-30
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Winamp 5.x
Description:
ATmaCA has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error during the handling of filenames including a computer name. This can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name (about 1040 bytes).
Successful exploitation allows execution of arbitrary code on a user's system when e.g. a malicious website is visited.
The vulnerability has been confirmed in version 5.12. Other versions may also be affected.
NOTE: An exploit is publicly available.
Solution: Use another product.Winamp Computer Name Handling Buffer Overflow Vulnerability (http://secunia.com/advisories/18649/)
It's a never-ending war between the Web users and the despicable assholes whose pathetic lives are devoted to damaging or destroying because they are too f**king stupid to create.
Secunia Advisory: SA18649
Release Date: 2006-01-30
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Winamp 5.x
Description:
ATmaCA has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error during the handling of filenames including a computer name. This can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name (about 1040 bytes).
Successful exploitation allows execution of arbitrary code on a user's system when e.g. a malicious website is visited.
The vulnerability has been confirmed in version 5.12. Other versions may also be affected.
NOTE: An exploit is publicly available.
Solution: Use another product.Winamp Computer Name Handling Buffer Overflow Vulnerability (http://secunia.com/advisories/18649/)
It's a never-ending war between the Web users and the despicable assholes whose pathetic lives are devoted to damaging or destroying because they are too f**king stupid to create.