This flaw allowed remote code execution. Attackers could exploit it by tricking users into viewing specially crafted image files (e.g., WMF, EMF, JPEG, GIF) embedded in web pages, emails, or documents. Successful exploitation granted the attacker full control over the compromised system. The alert urged immediate application of the available security patch to mitigate the severe risk.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-032A
Winamp Playlist Buffer Overflow
Original release date: February 1, 2006
Last revised: --
Source: US-CERT
Systems Affected
Microsoft Windows systems with Winamp 5.12 or earlier
Overview
America Online has released Winamp 5.13 to correct a buffer overflow
vulnerability. Exploitation of this vulnerability could allow a remote
attacker to execute arbitrary code with the privileges of the user.
I. Description
Winamp is a media player that is commonly used to play MP3 files.
Winamp 5.13 resolves a buffer overflow vulnerability in how playlist
files are handled. Details are available in the following
Vulnerability Note:
VU#604745 - Winamp fails to properly handle playlists with long
computer names
Winamp contains a buffer overflow vulnerability when processing a
playlist that specifies a long computer name. This may allow a remote
unauthenticated attacker to execute arbitrary code on a vulnerable
system.
II. Impact
By convincing a user to open a specially crafted playlist file, a
remote unauthenticated attacker may be able to execute arbitrary code
with the privileges of the user. Winamp may open a playlist file
without any user interaction as the result of viewing a web page or
other HTML document.
III. Solution
Upgrade
Upgrade to Winamp 5.13.
Appendix A. References
* US-CERT Vulnerability Note VU#604745 -
<http://www.kb.cert.org/vuls/id/604745>
* CVE-2006-0476 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0476>
* National Vulnerability Database (CVE-2006-0476) -
<http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0476>
* WINAMP.COM | Player | Version History -
<http://www.winamp.com/player/version_history.php>
* WINAMP.COM | Player - <http://www.winamp.com/player>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-032A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
Feb 1, 2006: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQ+EN2H0pj593lg50AQL/zQgAqqNNsBwOLdKKb+e98yUUPRSyj38BKA1G
R4nBJ3mO85BvFFqS9NdcPSYH1DgELKhYwOoicEsbX0bmaF+lmr2ClHBO4af6fA3/
bhLksKmf5qtm61SSIuEVyBsXsDwSFQpLACOAkgarW5D5Ii4bW3CDlc9H/4dHYT3j
jiGMSVBmYWGjyEMEVznZ1liURyK6BpVHGQI0bf2/dhSk3150LJzwa0vACjnCJEeB
0Fs/s7xkAPoGDT4PxWxe/KEK03PZpJY6yZhCP6IayJsuO7kMQhzBoROK615X/Od5
ctU6qLPx8VIcyW7b9xVMl0OuZf7R412qd74bmnDfIYeGexxuLMifFg==
=NZIe
-----END PGP SIGNATURE-----