F-Secure
Tools
Winamp Lyrics3 and Ultravox Processing Buffer Overflows
| Report ID: | SA22580 |
| Source: | Secunia |
| Date of Discovery: | 25.10.2006 |
| Criticality: | Moderate |
| Affects: | WinAMP 2.x WinAMP 3.x Winamp 5.x |
| Compromise From: | From remote |
| Compromise Type: | System access |
Summary
Two vulnerabilities have been discovered in Winamp, which can be exploited by malicious people to compromise a user's system.
Detailed Description
Two vulnerabilities have been discovered in Winamp, which can be exploited by malicious people to compromise a user's system.
1) An integer overflow in the Ultravox protocol handler during processing of the "ultravox-max-msg" header can be exploited to cause a heap-based buffer overflow via a specially crafted Ultravox server response.
2) An integer overflow during the parsing of certain Lyrics3 tags can be exploited to cause a heap-based buffer overflow via a specially crafted MP3 file.
The vulnerabilities are confirmed in version 5.3. Versions 2.666 through 5.3 are reportedly vulnerable.
1) An integer overflow in the Ultravox protocol handler during processing of the "ultravox-max-msg" header can be exploited to cause a heap-based buffer overflow via a specially crafted Ultravox server response.
2) An integer overflow during the parsing of certain Lyrics3 tags can be exploited to cause a heap-based buffer overflow via a specially crafted MP3 file.
The vulnerabilities are confirmed in version 5.3. Versions 2.666 through 5.3 are reportedly vulnerable.
Solution
Update to version 5.31.
http://www.winamp.com/player/
http://www.winamp.com/player/
CVE Reference
CVE-2006-5567