HTTP: WinAmp AutoUpdate Buffer Overflow
This signature detects attempts to exploit a known vulnerability in WinAmp. Winamp 2.80a and earlier are vulnerabile. By default, WinAmp automatically contacts www.winamp.com for update information upon startup. Attackers can operate a malicious server that sends an extremely long response to a client's WinAmp update request, causing a buffer overflow.
Extended Description
Nullsoft Winamp is a media player for Microsoft Windows supporting MP3 and other filetypes. Winamp is vulnerable to a buffer overflow condition when checking for updated versions. A malicious server located at www.winamp.com may return a malicious response. Exploitation may result in the execution of arbitrary code as the Winamp process. It may be possible to exploit this vulnerability if an attacker can control the resolution of the www.winamp.com domain, possibly through DNS cache poisoning.
Affected Products
Nullsoft winamp
Short Name
HTTP:STC:WINAMP:AU-OF1
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
AutoUpdate Buffer Overflow WinAmp bid:5170
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Nullsoft