Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Winamp < 5.52 Ultravox Streaming Metadata Parsing Buffer Overflows

Medium

Synopsis

The remote Windows host contains a multimedia application that is affected by multiple buffer overflow vulnerabilities.

Description

The remote host is using Winamp, a popular media player for Windows. The version of Winamp installed on the remote Windows host reportedly contains two stack-based buffer overflows in 'in_mp3.dll' when parsing Ultravox streaming metadata that can be triggered by overly-long '<artist>' and '<name>' tag values. If an attacker can trick a user on the affected host into opening a specially-crafted file, he may be able to leverage this issue to execute arbitrary code on the host subject to the user's privileges.

Solution

Upgrade to version 5.52 or higher.