Winamp Ultravox streaming metadata artist tag buffer overflow

Added: 02/04/2008
CVE: CVE-2008-0065
BID: 27344
OSVDB: 41707

Background

Winamp is a media player for Windows.

Problem

A buffer overflow vulnerability in the in_mp3.dll library when parsing Ultravox streaming metadata allows command execution when a user opens a stream containing a long, specially crafted <artist> tag value.

Resolution

Upgrade to Winamp 5.52 or higher.

References

http://secunia.com/secunia_research/2008-2/advisory/

Limitations

Exploit works on Winamp 5.21 and requires a user to open the exploit stream in Winamp.

Platforms

Windows

Back to exploit index