| VID |
28103 |
| Severity |
20 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
According to its version number, the Winamp program on this host has a denial of service vulnerability. Winamp is a media player for Microsoft Windows. Winamp version 5.07 and possibly earlier versions are vulnerable to a denial of service when processing malformed .mp4 and .m4a files. An attacker could exploit this vulnerability by creating a malicious Web page containing a specially crafted ".mp4" or ".m4a" playlist and hosting it on a Web site or by sending it to a victim as an HTML email. When the malicious file is processed, the affected software will crash.
* Note: This check requires an account with administrative privileges that can log into the host being scanned. If these conditions are not met, the check is not performed, resulting in a False Negative for all vulnerable hosts.
* References: http://www.securityfocus.com/archive/1/384241
* Platforms Affected: Nullsoft, Inc. Winamp 5.07 and earlier; Microsoft Windows, any version |
| Recommendation |
No upgrade or patch available as of December 2004.
Upgrade to a new version of Winamp (5.08 or later) that fixes this problem when it becomes available from the Winamp Player Download Web page at http://www.winamp.com/player/ |
| Related URL |
(CVE) |
| Related URL |
11909 (SecurityFocus) |
| Related URL |
(ISS) |
|