VID 28040
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The Windows system has a version of WinAMP installed that is vulnerable to a buffer overflow.
WinAMP, developed by Nullsoft, Inc., is the most popular free media player for the Microsoft Windows platform. Versions 3.0 and earlier are vulnerable to a buffer overflow caused by an overly long playlist name. The vulnerability arises from a missing bounds check on the buffer that holds the playlist name read from a .b4s file, the format WinAMP uses to save a user's MP3 list. A remote attacker can create a malformed .b4s file with an excessively long playlist name and deliver it to the target system by e-mail or by hosting it on a web page; if the user double-clicks the file, the buffer in WinAMP is overrun and WinAMP becomes unstable. Using this vulnerability, a remote attacker can crash WinAMP and potentially execute arbitrary code on the system.

* Note: This check requires an account with administrative privileges that can log into the host being scanned. If this condition is not met, the check is not performed, resulting in a false negative for all vulnerable hosts.

* References:
http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html

* Software Affected:
WinAMP 3.0 build 488 and earlier
Recommendation No appropriate patch is available as of April 2003. Contact your product vendor.
Related URL (CVE)
Related URL 6515 (SecurityFocus)
Related URL 10980 (ISS)