icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Winamp < 5.52 Ultravox Streaming Metadata Parsing Buffer Overflows

Medium

Synopsis

The remote Windows host contains a multimedia application that is affected by multiple buffer overflow vulnerabilities.

Description

The remote host is using Winamp, a popular media player for Windows. The version of Winamp installed on the remote Windows host reportedly contains two stack-based buffer overflows in 'in_mp3.dll' when parsing Ultravox streaming metadata that can be triggered by overly-long '<artist>' and '<name>' tag values. If an attacker can trick a user on the affected host into opening a specially-crafted file, he may be able to leverage this issue to execute arbitrary code on the host subject to the user's privileges.

Solution

Upgrade to version 5.52 or higher.