SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#449092

AOL Nullsoft Winamp Lyrics3 heap buffer overflow

Overview

AOL Nullsoft Winamp contains a heap-based buffer overflow in the code that handles Lyrics3 tags. This vulnerability may allow a remote, unauthenticated attacker execute arbitrary code on a vulnerable system.

I. Description

Lyrics3 is a system for embedding the lyrics inside an MP3 song file. AOL Nullsoft Winamp fails to properly handle malformed Lyrics3 tags, allowing a heap-based buffer overflow to occur.

This vulnerability may be triggered by persuading a user to access a specially crafted playlist file or connect to a malicious server with Winamp.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.

III. Solution

Upgrade

This vulnerability is addressed in AOL Nullsoft Winamp version 3.51.

Until it is possible to upgrade to AOL Nullsoft Winamp version 3.51, the following workarounds will help reduce the chances of exploitation:

Disable Winamp playlist file association

Disable the file association for Winamp playlist files to help prevent Windows applications from using Winamp to open playlists. This can be accomplished by deleting the following registry key:

    HKEY_CLASSES_ROOT\Winamp.Playlist
Disable Shoutcast and Ultravox protocols

Links to malicious playlist files may be accessed using the Shoutcast (shout:) or Ultravox (uvox:) protocols. Disabling these protocols will reduce the chances of exploitation. This can be accomplished by deleting the following registry keys:

    HKEY_CLASSES_ROOT\ICY
    HKEY_CLASSES_ROOT\SC
    HKEY_CLASSES_ROOT\SHOUT
    HKEY_CLASSES_ROOT\UVOX
Do not open Winamp playlist files

Do not open Winamp playlist files (.PLS or .M3U) from untrusted sources.

Systems Affected
VendorStatusDate Updated
America Online, Inc.Vulnerable26-Oct-2006

References


http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=432
http://www.winamp.com/player/version_history.php#5.31
http://www.winamp.com/player/index.php
http://secunia.com/advisories/22580/
http://www.id3.org/lyrics3.html

Credit

This vulnerability was reported by iDEFENSE.

This document was written by Jeff Gennari.

Other Information

Date Public10/25/2006
Date First Published10/26/2006 08:02:43 PM
Date Last Updated12/08/2006
CERT Advisory 
CVE-ID(s) 
NVD-ID(s) 
US-CERT Technical Alerts 
Metric14.39
Document Revision25

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader