Winamp skin file MAKI script buffer overflow

Added: 03/10/2009
BID: 34009

Background

Winamp is a media player for Windows.

Problem

A buffer overflow in Winamp allows command execution when a user opens a skin file containing a compiled MAKI script with a specially crafted string having an incorrect length field.

Resolution

Upgrade to Winamp version 5.55 or higher.

References

http://milw0rm.com/exploits/8158

Limitations

Exploit works on Winamp 5.541.

Execution of this exploit requires the Digest::CRC PERL module. On Linux systems this is typically found in a package named such as libdigest-crc-perl or perl-Digest-CRC.

Platforms

Windows

Back to exploit index