WinAmp contains a flaw which may allow an attacker to crash WinAmp remotely via .mpa or .mp4 files.
Nullsoft's WinAmp Player, a popular multimedia system for Microsoft Windows, contains a flaw in the handling of the metadata (called "tags") contained within .mpa and .mp4 files. Invalid data within these files could crash WinAmp.
WinAmp is susceptible to a remote Denial of Service flaw if maliciously crafted .mp4 or .mpa files are loaded. This flaw could cause WinAmp to unexpectedly crash. Also, the flaw may be exploited in combination with the default setting for some web browsers to automatically open WinAmp playlist (.pls, .m3u) files without prompting. A malicious playlist, with pointers to remote files on the Internet, may be embedded in a web page specifically crafted to automatically load the playlist. As such, a user may unintentionally load a flawed mpa or .mp4 file by following an innocuous web link.
WinAmp may crash, resulting in a denial of service to the user running it.
Apply an update
This document was written by Ken MacInnis.
|Date First Published:||2005-02-21|
|Date Last Updated:||2005-02-21 21:21 UTC|