Winamp < 5.52 Ultravox Streaming Metadata Parsing Buffer Overflows
Medium Nessus Network Monitor Plugin ID 4347
SynopsisThe remote Windows host contains a multimedia application that is affected by multiple buffer overflow vulnerabilities.
DescriptionThe remote host is using Winamp, a popular media player for Windows. The version of Winamp installed on the remote Windows host reportedly contains two stack-based buffer overflows in 'in_mp3.dll' when parsing Ultravox streaming metadata that can be triggered by overly-long '<artist>' and '<name>' tag values. If an attacker can trick a user on the affected host into opening a specially-crafted file, he may be able to leverage this issue to execute arbitrary code on the host subject to the user's privileges.
SolutionUpgrade to version 5.52 or higher.