Signature Detail
Short Name |
HTTP:STC:DL:MAL-M3U |
|---|---|
Severity |
High |
Recommended |
No |
Category |
HTTP |
Keywords |
M3U Malformed File Format |
Release Date |
2011/11/16 |
Update Number |
2031 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: M3U Malformed File Format
This signature detects attempts to exploit flaws in M3U files. M3U file type is primarily associated with 'MP3 Playlist File'. Standards are defined for representing a m3u file. Any deviation from it can be an indication of malicious activity. This kind of behavior is mostly noticeable from exploits created using Metasploit Framework.
Extended Description
Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.
Affected Products
- nullsoft winamp 5.12
- nullsoft winamp 5.13
References
- BugTraq: 41145
- BugTraq: 18872
- CVE: CVE-2006-0720
- CVE: CVE-2006-3431
- URL: http://en.wikipedia.org/wiki/M3U
- URL: http://www.assistanttools.com/articles/m3u_playlist_format.shtml