Vulnerability Note VU#986504
WinAmp playlist handling may allow a remote buffer overflow and arbitrary code execution
WinAmp contains a flaw which may allow a remote system compromise if a maliciously crafted playlist is loaded.
Nullsoft's WinAmp is a multimedia system for Microsoft Windows. WinAmp allows users to create and use "playlists" to play their multimedia files in a customized order.
WinAmp versions prior to 5.08c contain a flaw in the playlist-handling code which may allow arbitrary code to be executed. In addition, WinAmp playlists may be loaded from remote locations on the Internet without user intervention, so this flaw may be exploited by a remote user.
WinAmp may encounter a stack-based buffer overflow condition which would allow remote arbitrary code execution under the privileges of the user running WinAmp. This could lead to total system compromise and control by a malicious attacker.
Apply an update
Note: This flaw has been rediscovered in a series of the latest WinAmp releases. Should the flaw recur, a recommended course of action until an update is developed is:
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Nullsoft | Affected | 28 Jan 2005 | 21 Feb 2005 |
Thanks to Brett Moore for reporting this vulnerability.
This document was written by Ken MacInnis.
- CVE IDs: CAN-2004-1119
- Date Public: 23 Nov 2004
- Date First Published: 21 Feb 2005
- Date Last Updated: 21 Feb 2005
- Severity Metric: 14.03
- Document Revision: 26