HTTP: Nullsoft Winamp M3U Remote Buffer Overflow

This signature detects attempts to exploit a known vulnerability in the M3U file parsing component of Nullsoft Winamp. Because of a failure to properly sanitize the length of a field containing a media file name, an attacker could entice a user to open a maliciously crafted M3U file, thereby allowing arbitrary code execution on the target system.

Extended Description

Winamp is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the application, effectively denying service to legitimate users. An attacker may be able to exploit this issue to execute arbitrary code on the victim user's computer; this has not been confirmed. This issue is reported to affect version 5.13; other versions may also be vulnerable. This issue may be related to BID 9923 (NullSoft Winamp Malformed File Name Denial of Service Vulnerability).

Affected Products

Nullsoft winamp

Short Name
HTTP:STC:WINAMP:M3U-BOF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2006-0708 M3U Nullsoft Overflow Remote Winamp bid:16623
Release Date
03/29/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Nullsoft

CVSS Score

9.3

Found a potential security threat?