Winamp < 5.52 Ultravox Streaming Metadata in_mp3.dll Multiple Tag Overflow
High Nessus Plugin ID 29998
SynopsisThe remote Windows host contains a multimedia application that is affected by multiple buffer overflow vulnerabilities.
DescriptionThe remote host is using Winamp, a popular media player for Windows.
The version of Winamp installed on the remote Windows host reportedly contains two stack-based buffer overflows in 'in_mp3.dll' when parsing Ultravox streaming metadata that can be triggered by overly-long '<artist>' and '<name>' tag values. If an attacker can trick a user on the affected host into opening a specially crafted file, he could be able to leverage this issue to execute arbitrary code on the host subject to the user's privileges.
SolutionUpgrade to Winamp version 5.52 or later.