Winamp Buffer Overflow in Processing '.m3u' File Names May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1015621|
SecurityTracker URL: http://securitytracker.com/id/1015621
(Links to External Site)
Date: Feb 14 2006
Execution of arbitrary code via network, User access via network|
Exploit Included: Yes |
A vulnerability was reported in Winamp. A remote user may be able to execute arbitrary code on the target user's system.|
A remote user can create a '.m3u' file with a specially crafted file name. When the file is opened by the target user with Winamp, a buffer overflow will be triggered and the Winamp player will crash.
The report did not confirm arbitrary code execution.
Alan McCaig (b0f) reported this vulnerability.
A remote user may be able to cause arbitrary code to be executed on the target user's system.|
No solution was available at the time of this entry.|
Vendor URL: www.winamp.com/ (Links to External Site)
|Underlying OS: Windows (Any)|
Source Message Contents
Subject: New winamp m3u/pls .WMA & .M3U Extension overflows|
This is an update on.
and also a new overflow with .m3u
This overflow is still present in the latest version of winamp 5.13 with a little bit of modifcation.
Example m3U file format:
Example pls file format:
add correct amount of A's untill overflow occurs.
This one is simple create a file with a long file name like so AAAA[...]AA.m3u save the file and open it and suprise winamp crashes.
The vendor has not been contacted on these issues due to past unsuccessfull attempts on other issues and both remain vuln in the latest
version of winamp.
Alan McCaig (b0f)