Secunia Advisory: SA27865
Release Date: 2008-01-18
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Winamp 5.x
CVE reference: CVE-2008-0065 (Secunia mirror)
Description:
Secunia Research has discovered two vulnerabilities in Winamp, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused by boundary errors in in_mp3.dll when it constructs stream titles while parsing Ultravox streaming metadata. They can be exploited to cause stack-based buffer overflows via overly long "<artist>" and "<name>" tag values in the <metadata> section.
Successful exploitation allows execution of arbitrary code.
The vulnerabilities are confirmed in versions 5.21, 5.5, and 5.51. Other versions may also be affected.
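An added illustration, not Winamp's code and not part of the Secunia advisory: a bounded way to build a stream title from the "<artist>" and "<name>" values that rejects metadata that would not fit instead of writing past the stack buffer. The function name, the "artist - name" title format and the 256-byte buffer size are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define TITLE_MAX 256  /* assumed size; the advisory does not state the real one */

/* Unsafe pattern of the kind the advisory describes (comment only):
 *     char title[TITLE_MAX];
 *     sprintf(title, "%s - %s", artist, name);   // neither value is bounded
 */

/* Hypothetical helper: build "artist - name" into out[cap].
 * Returns 0 on success, -1 if an input is missing or the result would not fit.
 * On failure out is an empty string, never a partially written title. */
int build_stream_title(char *out, size_t cap, const char *artist, const char *name)
{
    if (out == NULL || cap == 0)
        return -1;
    out[0] = '\0';
    if (artist == NULL || name == NULL)
        return -1;

    /* snprintf never writes more than cap bytes and reports the needed length */
    int n = snprintf(out, cap, "%s - %s", artist, name);
    if (n < 0 || (size_t)n >= cap) {   /* encoding error or truncation */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char title[TITLE_MAX];
    char long_artist[1024];            /* constructed over-long tag value */
    memset(long_artist, 'A', sizeof long_artist - 1);
    long_artist[sizeof long_artist - 1] = '\0';

    if (build_stream_title(title, sizeof title, "Artist", "Track") == 0)
        printf("ok: %s\n", title);
    if (build_stream_title(title, sizeof title, long_artist, "Track") != 0)
        printf("rejected over-long metadata\n");
    return 0;
}
```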
Solution:
Update to version 5.52.