WinAmp contains a flaw which may allow a remote system compromise if a maliciously crafted playlist is loaded.
Nullsoft's WinAmp is a multimedia system for Microsoft Windows. WinAmp allows users to create and use "playlists" to play their multimedia files in a customized order.
WinAmp versions prior to 5.08c contain a flaw in the playlist-handling code which may allow arbitrary code to be executed. In addition, WinAmp playlists may be loaded from remote locations on the Internet without user intervention, so this flaw may be exploited by a remote user.
WinAmp may encounter a stack-based buffer overflow condition which would allow remote arbitrary code execution under the privileges of the user running WinAmp. This could lead to total system compromise and control by a malicious attacker.
Apply an update
Note: This flaw has been re-discovered in a series of the latest WinAmp releases. Should the flaw recur, a recommended course of action until an update is developed is:
Thanks to Brett Moore for reporting this vulnerability.
This document was written by Ken MacInnis.
Date First Published: 2005-02-21
Date Last Updated: 2005-02-21 21:22 UTC