Detections
Analytics

Winamp < 3.0b Multiple File Handling DoS

high Nessus Plugin ID 11530

Synopsis

The remote Windows host contains an application affected by multiple vulnerabilities.

Description

The remote host is using Winamp3, a popular media player which handles many files format (mp3, wavs and more...)

This version suffers from multiple buffer overflow and denial of service issues that can be triggered by specially crafted b4s files.
To perform an attack, the attack would have to send a malformed playlist (.b4s) to the user of this host who would then have to load it by double clicking on it.

Note that since .b4s are XML-based files, most antivirus programs will let them in.

Solution

Upgrade to Winamp 3.0b or later.

See Also

https://seclists.org/bugtraq/2003/Jan/27

http://forums.winamp.com/showthread.php?postid=823240

Plugin Details

Severity: High

ID: 11530

File Name: winamp_buffer_overflow.nasl

Version: 1.22

Type: local

Agent: windows

Family: Windows

Published: 4/14/2003

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:nullsoft:winamp

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/4/2003

Reference Information

CVE: CVE-2003-1272, CVE-2003-1273, CVE-2003-1274

BID: 6515, 6516, 6517