|
|
| |
| "Winamp is more than just a player. It's your window to the multimedia world. From MP3s to streaming video, Winamp is the one place you go to feed your audio/video habit.". Secunia Research has discovered two vulnerabilities in Winamp, which can be exploited by malicious people to compromise a user's system. |
| |
Credit:
The information has been provided by Secunia Research.
The original article can be found at: http://secunia.com/secunia_research/2008-2/advisory/
|
| |
Vulnerable Systems:
* Winamp version 5.21, version 5.5 and version 5.51
Immune Systems:
* Winamp version 5.52
The vulnerablities are caused due to boundary errors in in_mp3.dll within the construction of stream titles when parsing Ultravox streaming metadata. This can be exploited to cause stack-based b uffer overflows via overly long "<artist>" and "<name>" tag values in the <metadata> section.
Successful exploitation allows execution of arbitrary code.
CVE Information:
CVE-2008-0065
|
|
|
