Thursday, October 26, 2006 9:42 AM cmosby

Winamp Lyrics3 and Ultravox Processing Buffer Overflows - Advisories - Secunia

Winamp Lyrics3 and Ultravox Processing Buffer Overflows

Description:
Two vulnerabilities have been reported in Winamp, which can be exploited by malicious people to compromise a user's system.

1) An error in the Ultravox protocol handler during processing of the "ultravox-max-msg" header can be exploited to cause a heap-based buffer overflow via either a specially crafted playlist or a "shout:" or "uvox:" URI.

2) An error during the parsing of certain Lyrics3 tags can be exploited to cause a heap-based buffer overflow via either a specially crafted playlist or a "shout:" or "uvox:" URI.

The vulnerabilities are reported in versions 2.666 through 5.3.

Solution:
Update to version 5.31.
http://www.winamp.com/player/

Winamp Lyrics3 and Ultravox Processing Buffer Overflows - Advisories - Secunia.

Filed under:

Comments

No Comments