Winamp "IN_CDDA.dll" Buffer Overflow Vulnerability
Secunia Advisory: SA13269
Release Date: 2004-11-23
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Winamp 5.x
Description:
Brett Moore has reported a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error in the "IN_CDDA.dll" file. This can be exploited in various ways to cause a stack-based buffer overflow, e.g. by tricking a user into visiting a malicious web site containing a specially crafted ".m3u" playlist.
Successful exploitation allows execution of arbitrary code.
The vulnerability has been reported in version 5.05. Prior versions may also be affected.
Solution:
Update to version 5.0.6.
http://www.winamp.com/player/