Signature Detail
Short Name |
HTTP:STC:WINAMP:ID3V2-OVERFLOW |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Winamp ID3v2 Tag Handling Buffer Overflow |
Release Date |
2005/08/16 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Winamp ID3v2 Tag Handling Buffer Overflow
This signature detects the download of a maliciously crafted MPEG music file (.mp3, .mp2, etc). If opened in Nullsoft WinAmp, the file can exploit a vulnerability that allows for the execution of arbitrary commands on the client. It is reported that Nullsoft WinAmp versions 5.091 and prior are affected.
Extended Description
Winamp is susceptible to a buffer overflow vulnerability in its ID3v2 functionality. This issue is due to a failure of the application to properly bounds check input data prior to copying it into a fixed size memory buffer. This issue will facilitate remote exploitation as an attacker may distribute malicious MP3 files and entice unsuspecting users to process them with the affected application. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. Versions 5.03a, 5.09, and 5.091 are reported vulnerable to this issue. Other versions are also likely affected.
Affected Products
- NullSoft Winamp 5.0.0 1
- NullSoft Winamp 5.0.0 2
- NullSoft Winamp 5.0.0 3
- NullSoft Winamp 5.0.0 3A
- NullSoft Winamp 5.0.0 4
- NullSoft Winamp 5.0.0 5
- NullSoft Winamp 5.0.0 6
- NullSoft Winamp 5.0.0 7
- NullSoft Winamp 5.0.0 8
- NullSoft Winamp 5.0.0 9
- NullSoft Winamp 5.0.0 91
References
- BugTraq: 14276
- CVE: CVE-2005-2310
- URL: http://securitytracker.com/id?1014483