Skip to main content

Winamp Ultravox Streaming Metadata Parsing Buffer Overflow Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 21 Jan 2008 2575 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Winamp, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. These issues are caused by buffer overflow errors in "in_mp3.dll" when constructing stream titles while parsing Ultravox streaming metadata, which could be exploited by remote attackers to execute arbitrary code via overly long "<artist>" and "<name>" tag values in the <metadata> section.


Impact

  • Denial of Service

System / Technologies affected

  • Winamp version 5.51 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Winamp version 5.52 :
http://www.winamp.com/player


Vulnerability Identifier

  • No CVE information is available

Source


    Related Link