1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Vulnerability Descriptions
  6. SA16077

Winamp ID3v2 Tag Handling Buffer Overflow Vulnerability

Report ID: SA16077
Source: Secunia
Date of Discovery: 15.07.2005
Criticality: Moderate
Affects:
Winamp 5.x
Compromise From: From remote
Compromise Type: System access

Summary

A  Vulnerability has been reported in Winamp, which can be exploited by malicious people to compromise a user's system.

Detailed Description

A  Vulnerability has been reported in Winamp, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the handling of ID3v2 tags and can be exploited to cause a buffer overflow via e.g. a MP3 file containing an overly long string in the "Artist" field.

Successful exploitation allows execution of arbitrary code, but requires some user interaction (e.g. that the user adds a malicious MP3 file to a playlist and then plays the file).

The vulnerability has been reported in versions 5.03a, 5.09, and 5.091. Other versions may also be affected.

Solution

Update to version 5.094.

CVE Reference

CVE-2005-2310