


Category:   Application (Multimedia)  >   Song Requester
Vendors:
Oddsock Song Requester Playlist Generator for Winamp Has Buffer Overflows That Let Remote Users Crash the Winamp Media Server
SecurityTracker Alert ID:  1004787
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jul 17 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 2.1
Description:   Buffer overflow vulnerabilities were reported in the Oddsock Song Requester Winamp plugin. A remote user can cause the Winamp media server to crash.

Outpost24 Security reported several buffer overflow vulnerabilities that allow a remote user to cause denial of service conditions. A remote user can cause the Winamp media service to crash, requiring a restart to return to normal operations.

The vulnerability reportedly exists in the parsing of long names or character strings. Successful exploitation may cause Winamp to shut down. Two demonstration exploit URLs are provided:



Both URLs will cause Winamp to crash, but the second will cause Winamp to crash without generating any error messages.

According to the report, all the Song Requester CGI files are vulnerable, including the 'admin.cgi' script.
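
An added example, not part of the SecurityTracker entry or the Outpost24 advisory: with no fix available, one defensive check is to scan web access logs for requests to the Song Requester CGI files that carry unusually long names or values. The Common Log Format input, the 256-character limit, the 'list.cgi' script and the 'name' parameter are assumptions; only 'admin.cgi' comes from the report.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: no legitimate song request carries a field longer than this.
MAX_FIELD_LEN = 256

# Client address and request target from a Common Log Format line (assumed format).
_CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<target>\S+)')


def oversized_cgi_requests(lines, limit=MAX_FIELD_LEN):
    """Return (client, script, longest_field) for each request to a .cgi file
    whose decoded path segments, parameter names or values exceed `limit`."""
    hits = []
    for line in lines:
        m = _CLF.match(line)
        if not m:
            continue  # not a request line in the assumed format
        try:
            parts = urlsplit(m.group("target"))
        except ValueError:
            continue  # malformed target; not measured here
        segments = unquote(parts.path).split("/")
        script = next((s for s in segments if s.lower().endswith(".cgi")), None)
        if script is None:
            continue  # only the CGI files are in scope
        fields = list(segments)
        # keep_blank_values=True keeps a bare string with no '=' as a name,
        # so one long undelimited query is still measured after decoding.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            fields += [name, value]
        longest = max(len(f) for f in fields)
        if longest > limit:
            hits.append((m.group("ip"), script, longest))
    return hits


# Constructed sample log lines (documentation addresses, hypothetical names).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jul/2002:10:00:01 +0000] "GET /list.cgi?name=track12 HTTP/1.0" 200 512',
    '192.0.2.66 - - [17/Jul/2002:10:00:09 +0000] "GET /admin.cgi?name=' + "x" * 1200 + ' HTTP/1.0" 200 0',
    '192.0.2.66 - - [17/Jul/2002:10:00:15 +0000] "GET /list.cgi?' + "%41" * 400 + ' HTTP/1.0" 200 0',
    '192.0.2.11 - - [17/Jul/2002:10:01:00 +0000] "GET /index.html?q=' + "y" * 1200 + ' HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for client, script, size in oversized_cgi_requests(SAMPLE_LOG):
        print(f"{client} sent a {size}-character field to {script}")
```

Lengths are measured after percent-decoding, so the third sample line counts as 400 characters rather than 1200.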

The vendor has reportedly been notified.

See the original Outpost24 advisory at:

Impact:   A remote user can cause the Winamp server to crash, requiring a manual restart to return to normal operations.
Solution:   No solution was available at the time of this entry.
Vendor URL:
Cause:   Boundary error

Message History:   None.

 Source Message Contents

Subject:  Outpost24 Advisory: Oddsock PlaylistGenerator Multiple

Outpost24 Advisory

Advisory Name: Oddsock PlaylistGenerator Multiple
BufferOverflow vulnerability
Release date: 15/07-02
Software : Song Requester Version : 2.1
Platform: Windows NT/XP/95/98/2000
Severity: DoS Vulnerability, that terminates Winamp,
and restart

Author: Lucas Lundgren (
Vendor Status:  No response


Oddsock Playlist generator is used by Radio DJs to
allow listeners to choose a song to play from the
Winamp Playlist. Song Requester Version
2.1 contains multiple buffer overflows, which will
result in a DoS attack against the Winamp/Shoutcast
service. The DJ will have to restart Winamp in order to
make it work again. 

There are two major kinds of DoS attacks against this
software: the first will display an error message, and
inform the user that a logfile has been created.  The
second  attack closes down Winamp and restores the
playlist from the previous state, so that any newly
added songs will not be displayed in the playlist. It
also restores the admin password to what
it was previously, if it has been changed without
restarting Winamp.

Technical Details:

By parsing long names or characters to the CGI files in
the Song Requester, a DoS is available, closing down
Winamp and / or leaving an error log.  You could try to


This will cause Winamp to crash, and makes Dr Watson
dump a logfile.

But if you parse: 

Winamp will die without any error messages.

Oddsock overflows the playlist and crashes the Winamp
player. If you want to check it out, please look at Dr
Watson  logs for more details. All the CGI files in
Song Requester are vulnerable to DoS attacks, even
the 'admin.cgi'. Please note that the password you type
in is in clear text; no asterisk signs replace the

Contact: Lucas Lundgren (

