AOL Nullsoft Winamp contains a heap-based buffer overflow in the code that handles Lyrics3 tags. This vulnerability may allow a remote, unauthenticated attacker execute arbitrary code on a vulnerable system.
Lyrics3 is a system for embedding the lyrics inside an MP3 song file. AOL Nullsoft Winamp fails to properly handle malformed Lyrics3 tags, allowing a heap-based buffer overflow to occur.
This vulnerability may be triggered by persuading a user to access a specially crafted playlist file or connect to a malicious server with Winamp.
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.
This vulnerability was reported by iDEFENSE.
This document was written by Jeff Gennari.
|Date First Published:
|Date Last Updated:
|2006-12-08 19:16 UTC