Signature Detail

APP: WinAmp Midi File Overflow

This signature detects attempts to exploit a known vulnerability in the WinAmp MIDI decoder. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.

Extended Description

Winamp is prone to a buffer-overflow vulnerability when handling specially crafted files. An attacker may exploit this issue to gain unauthorized access to a computer with the privileges of the user that activated the vulnerable application. Winamp versions prior to 5.22 are reported prone to this issue.

Affected Products

• NullSoft Winamp 2.10.0
• NullSoft Winamp 2.24.0
• NullSoft Winamp 2.4.0
• NullSoft Winamp 2.50.0
• NullSoft Winamp 2.5.0 e
• NullSoft Winamp 2.5.0 E
• NullSoft Winamp 2.60.0 (full)
• NullSoft Winamp 2.60.0 (lite)
• NullSoft Winamp 2.6.0 4
• NullSoft Winamp 2.61.0 (full)
• NullSoft Winamp 2.62.0 (standard)
• NullSoft Winamp 2.64.0 (standard)
• NullSoft Winamp 2.65.0
• NullSoft Winamp 2.70.0
• NullSoft Winamp 2.70.0 (full)
• NullSoft Winamp 2.71.0
• NullSoft Winamp 2.72.0
• NullSoft Winamp 2.73.0
• NullSoft Winamp 2.73.0 (full)
• NullSoft Winamp 2.74.0
• NullSoft Winamp 2.75.0
• NullSoft Winamp 2.76.0
• NullSoft Winamp 2.77.0
• NullSoft Winamp 2.78.0
• NullSoft Winamp 2.79.0
• NullSoft Winamp 2.80.0
• NullSoft Winamp 2.81.0
• NullSoft Winamp 2.91.0
• NullSoft Winamp 3.0.0
• NullSoft Winamp 3.1.0
• NullSoft Winamp 5.0.0 1
• NullSoft Winamp 5.0.0 2
• NullSoft Winamp 5.0.0 3
• NullSoft Winamp 5.0.0 3A
• NullSoft Winamp 5.0.0 4
• NullSoft Winamp 5.0.0 5
• NullSoft Winamp 5.0.0 6
• NullSoft Winamp 5.0.0 7
• NullSoft Winamp 5.0.0 8
• NullSoft Winamp 5.0.0 8C
• NullSoft Winamp 5.0.0 9
• NullSoft Winamp 5.0.0 91
• NullSoft Winamp 5.094
• NullSoft Winamp 5.11
• NullSoft Winamp 5.12
• NullSoft Winamp 5.13
• NullSoft Winamp 5.2
• NullSoft Winamp 5.21

References

• BugTraq: 18507
• CVE: CVE-2006-3228
• URL: http://www.frsirt.com/english/advisories/2006/2422
• URL: http://secunia.com/advisories/20722