HTTP: Winamp ID3v2 Tag Handling Buffer Overflow
This signature detects the download of a maliciously crafted MPEG music file (.mp3, .mp2, etc). If opened in Nullsoft WinAmp, the file can exploit a vulnerability that allows for the execution of arbitrary commands on the client. It is reported that Nullsoft WinAmp versions 5.091 and prior are affected.
Extended Description
Winamp is susceptible to a buffer overflow vulnerability in its ID3v2 functionality. This issue is due to a failure of the application to properly bounds check input data prior to copying it into a fixed size memory buffer. This issue will facilitate remote exploitation as an attacker may distribute malicious MP3 files and entice unsuspecting users to process them with the affected application. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. Versions 5.03a, 5.09, and 5.091 are reported vulnerable to this issue. Other versions are also likely affected.
Affected Products
Nullsoft winamp
Short Name
HTTP:STC:WINAMP:ID3V2-OVERFLOW
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2005-2310 Handling ID3v2 Overflow Tag Winamp bid:14276
Release Date
08/16/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3528
False Positive
Unknown
Vendors
Nullsoft
CVSS Score
9.3