CVSS2: AV:N/AC:L/Au:N/C:C/I:C/A:C

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

EPSS Percentile: 98.7%
WinAmp contains a flaw which may allow a remote system compromise if a maliciously crafted playlist is loaded.
Nullsoft’s WinAmp is a multimedia system for Microsoft Windows. WinAmp allows users to create and use “playlists” to play their multimedia files in a customized order.
WinAmp versions prior to 5.08c contain a flaw in the playlist handling code which may allow arbitrary code to be executed. In addition, WinAmp playlists may be loaded from remote locations on the Internet without user intervention, so this flaw may be exploited by a remote user.
This WinAmp flaw exposes a stack-based buffer overflow, which allows remote execution of arbitrary code. A playlist which contains a long device name or file number for some types of files (including .cda) may overflow the handler code in the IN_CDDA.dll plug-in and execute arbitrary code.
Also, the default configuration of Internet Explorer and WinAmp will open remote .pls and .m3u playlist files without prompting the user. Other web browsers (due to user settings or defaults) may also open these types of files automatically. As such, a standard HTML document can embed a playlist file to automatically load when the user follows a normal link to this malicious page. This creates a condition where it is possible to exploit the flaw by simply loading an innocuous-looking web page.
WinAmp may encounter a stack-based buffer overflow condition which would allow remote arbitrary code execution under the privileges of the user running WinAmp. This could lead to total system compromise and control by a malicious attacker.
Apply an update
This flaw has been corrected in WinAmp version 5.08c and later. Download and install the latest version from:
<http://www.winamp.com/player/>
Note: This flaw has been re-discovered in a series of the latest WinAmp releases. Should the flaw recur, the recommended course of action until an update is developed is:
Do not open unknown .cda, .pls or .m3u files.
Do not open .cda, .pls or .m3u files automatically with WinAmp in your web browser.
Of course, these recommendations apply to any unknown files and file types. All users are also advised to ensure their browser settings prompt for the desired action (Save, Cancel, Open) for all file types that may load remote data, such as WinAmp .pls or .m3u playlist file types.
986504
Notified: January 28, 2005 Updated: February 21, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Updates which address this flaw may be found at the Nullsoft WinAmp web page.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23986504 Feedback>).
Thanks to Brett Moore for reporting this vulnerability.
This document was written by Ken MacInnis.
Field | Value |
---|---|
CVE IDs: | CVE-2004-1119 |
Severity Metric: | 14.03 |
Date Public: | |
forums.winamp.com/showthread.php?s=&threadid=159785
forums.winamp.com/showthread.php?s=&threadid=202799
secunia.com/advisories/13269/
secunia.com/advisories/13781/
www.nsfocus.com/english/homepage/research/0501.htm
www.security-assessment.com/Papers/Winamp_IN_CDDA_Buffer_Overflow.pdf
www.winamp.com/player/version_history.php