Winamp < 5.13 Playlist Handling Multiple Overflows
High Nessus Plugin ID 20826
SynopsisA multimedia application that is vulnerable to multiple buffer overflows is installed on the remote Windows host.
DescriptionThe remote host is using Winamp, a popular media player for Windows.
It's possible that a remote attacker using a specially crafted M3U or PLS file can cause a buffer overflow in the version of Winamp installed on the remote Windows host, resulting in a crash of the application and even execution of arbitrary code remotely subject to the user's privileges. Note that these issues can reportedly be exploited without user interaction by linking to a '.pls' file in an IFRAME tag.
SolutionUpgrade to Winamp version 5.13 or later.