Winamp Computer Name Handling Buffer Overflow Vulnerability
- 0
- Add a Comment
ATmaCA has discovered a vulnerability in Winamp that can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to a boundary error during the handling of filenames including a computer name. This can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name (about 1040 bytes).
Successful exploitation allows execution of arbitrary code on a user’s system when e.g. a malicious website is visited.
The vulnerability has been confirmed in version 5.12. Other versions may also be affected.
NOTE: An exploit is publicly available.
Solution: Use another product.
[Continue reading Secunia Advisory SA18649]
Tags: security, vulnerability, remote, buffer overflow, arbitrary code
