Winamp ID3v2 Buffer Overflow Vulnerability

vendor:

Winamp

by:

SecurityFocus

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Winamp

Affected Version From: 5.03a

Affected Version To: 5.091

Patch Exists: YES

Related CWE: N/A

CPE: winamp

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2005

Winamp ID3v2 Buffer Overflow Vulnerability

Winamp is susceptible to a buffer overflow vulnerability in its ID3v2 functionality. This issue is due to a failure of the application to properly bounds check input data prior to copying it into a fixed size memory buffer. This issue will facilitate remote exploitation as an attacker may distribute malicious MP3 files and entice unsuspecting users to process them with the affected application. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application.

Mitigation:

Ensure that input data is properly validated before being used in the application.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14276/info

Winamp is susceptible to a buffer overflow vulnerability in its ID3v2 functionality. This issue is due to a failure of the application to properly bounds check input data prior to copying it into a fixed size memory buffer.

This issue will facilitate remote exploitation as an attacker may distribute malicious MP3 files and entice unsuspecting users to process them with the affected application.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application.

Versions 5.03a, 5.09, and 5.091 are reported vulnerable to this issue. Other versions are also likely affected. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/25989.mp3