| Just the facts | |
| --- | --- |
| Title | WINAMP - UPDATE 1 - Freeware Audio Player - Remote Buffer Overflow Vulnerability |
| Description | Vulnerability can be exploited to compromise a user's system. |
| CyTRAP Labs ID | CT110020 |
| Original release date | 2005-07-19 |
| Systems affected | |
| Version number | 1.1 - UPDATE |
| ISSN | 1603-9858 |
| Verify threat | http://casescontact.org/alerts/110020 |
| Risk assessment | High |
| Impact/Severity | High |
| What is the problem? | |
| --- | --- |
| Admin | A) VULNERABILITY: This vulnerability is caused by a boundary error in the handling of ID3v2 tags. B) THREAT: This can be exploited to cause a buffer overflow via, for instance, an MP3 file containing an overly long string in the 'Artist' field. C) IMPACT: Successful exploitation allows the malicious user to get access to your system. |
| How does it affect me? | Should I worry? Yes. Winamp is a: It is available for free download from http://www.winamp.com/. Due to its popularity, Winamp has made it into CNET's 'Hall of Fame' (http://www.download.com). This means there is quite a chance that you have Winamp on your system; maybe you do not use it, but if you do, be careful (see below). |
| Systems affected | Winamp versions: |
| Not affected systems | Assume the worst, be careful out there, and wait for the patch before using the program again (hopefully no more than 3 days starting from today). |
| Minimize your exposure to this threat - follow the steps outlined below | |
| --- | --- |
| Much Gain - Little Pain - Do this | There is no known workaround except not using the program until the patch is available. |
| How do I fix it | Vendor was contacted June 22, 2005. The patch should come out shortly; as a subscriber to CASEScontact or through our RSS feed, we will provide you with the link for the download when it becomes available by issuing an UPDATE 1 for this alert. Change log: On 2005-07-19 CASEScontact issued Update 1.1: users are urged to update to version 5.094 of Winamp NOW. Please use the update feature or visit http://www.winamp.com/player/ |
| Other Actions | What is a buffer overflow? This is one of the more prevalent types of vulnerability and occurs when: 1) a computer program attempts to put more data into a buffer (i.e. a defined temporary storage area) than it can hold, whereby 2) the excess data then overwrites valid data. The excess can even be interpreted as program code and be executed. A malicious user can exploit buffer overflows by appending executable instructions to the end of such input data. The unexpected input data that 'overflows' onto another portion of the CPU execution stack can then end up being run once it has entered memory (e.g., the Slammer virus). This tends to occur because of programming errors. This type of vulnerability is a 'popular' one in the 'malicious user community' because it can be exploited relatively easily until users know about it and can protect themselves against it. More info: http://security.weburb.dk/frame/show/news/3510 Change log: On 2005-07-19 the following additions were provided: Get this ALERT in FRENCH: http://www.cases.public.lu//alertes/2005/07/22_winamp/ |
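The boundary error the advisory describes, and the explanation of buffer overflows above, are illustrated by the added C program below. It is an example written for this page, not code from Winamp or from the advisory's authors. It assumes the ID3v2.3 frame layout (4-byte frame id, 4-byte big-endian size, 2 flag bytes, then an encoding byte and the text; "TPE1" carries the Artist field) and uses invented function names (`id3_copy_text_unchecked`, `id3_read_text_frame`, `id3_make_text_frame`) and an assumed 64-byte destination buffer. The unchecked variant trusts the length declared inside the file, which is exactly the defect class; the hardened reader checks every length against both the remaining input and the destination and truncates an overly long Artist string instead of overrunning the buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed fixed-size destination for the Artist (TPE1) text, as a player might use. */
#define ARTIST_MAX 64

enum {
    ID3_OK           = 0,   /* text copied completely */
    ID3_OVERLONG     = 1,   /* text longer than destination; truncated safely */
    ID3_ERR_SHORT    = -1,  /* header or declared body runs past end of input */
    ID3_ERR_NOT_TEXT = -2,  /* frame id is not a text frame ("T...") */
    ID3_ERR_ENCODING = -3   /* encoding byte other than ISO-8859-1 (0) or UTF-8 (3) */
};

/* ID3v2.3 frame sizes are plain big-endian (v2.4 uses syncsafe integers instead). */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The defect class the advisory describes: the size declared inside the file
 * is trusted and used as the copy length into a fixed buffer, with no
 * comparison against ARTIST_MAX. A frame declaring more than ARTIST_MAX
 * bytes overruns `out`. Shown only for contrast; never feed it untrusted data. */
void id3_copy_text_unchecked(const uint8_t *frame, char out[ARTIST_MAX])
{
    uint32_t size = be32(frame + 4);        /* file-controlled length */
    memcpy(out, frame + 11, size - 1);      /* no bound against ARTIST_MAX */
    out[size - 1] = '\0';
}

/* Hardened reader for one ID3v2.3 text frame (e.g. "TPE1" = Artist).
 * Layout: 4-byte id, 4-byte size, 2 flag bytes, then 1 encoding byte and
 * size-1 bytes of text. Every length is checked against both the remaining
 * input and the destination; `out` is always NUL-terminated. `consumed`
 * (optional) receives the frame's total length so a caller can walk on. */
int id3_read_text_frame(const uint8_t *buf, size_t len,
                        char *out, size_t out_sz, size_t *consumed)
{
    if (out_sz == 0) return ID3_ERR_SHORT;
    out[0] = '\0';
    if (len < 10) return ID3_ERR_SHORT;           /* no room for a frame header */
    uint32_t size = be32(buf + 4);
    if (size > len - 10) return ID3_ERR_SHORT;    /* declared body exceeds input */
    if (size < 1) return ID3_ERR_SHORT;           /* needs at least the encoding byte */
    if (buf[0] != 'T') return ID3_ERR_NOT_TEXT;
    uint8_t enc = buf[10];
    if (enc != 0 && enc != 3) return ID3_ERR_ENCODING;

    size_t text_len = (size_t)size - 1;
    int rc = ID3_OK;
    if (text_len > out_sz - 1) {                  /* the check the unchecked copy lacks */
        text_len = out_sz - 1;
        rc = ID3_OVERLONG;
    }
    memcpy(out, buf + 11, text_len);
    out[text_len] = '\0';
    if (consumed) *consumed = 10 + (size_t)size;
    return rc;
}

/* Builds a well-formed ID3v2.3 text frame (constructed test input, not a real
 * file). Returns bytes written, or 0 if it does not fit in dst. */
size_t id3_make_text_frame(uint8_t *dst, size_t dst_sz,
                           const char id[4], const char *text)
{
    size_t tlen = strlen(text);
    size_t total = 10 + 1 + tlen;
    if (total > dst_sz || tlen + 1 > UINT32_MAX) return 0;
    uint32_t size = (uint32_t)(tlen + 1);
    memcpy(dst, id, 4);
    dst[4] = (uint8_t)(size >> 24); dst[5] = (uint8_t)(size >> 16);
    dst[6] = (uint8_t)(size >> 8);  dst[7] = (uint8_t)size;
    dst[8] = 0; dst[9] = 0;                       /* frame flags */
    dst[10] = 0;                                  /* encoding: ISO-8859-1 */
    memcpy(dst + 11, text, tlen);
    return total;
}

int main(void)
{
    uint8_t frame[512];
    char artist[ARTIST_MAX];
    char big[301];
    memset(big, 'A', 300); big[300] = '\0';       /* constructed overlong Artist */

    size_t n = id3_make_text_frame(frame, sizeof frame, "TPE1", big);
    int rc = id3_read_text_frame(frame, n, artist, sizeof artist, NULL);
    printf("rc=%d kept %zu of 300 bytes\n", rc, strlen(artist));  /* rc=1 kept 63 */
    return 0;
}
```

The two length checks in the hardened reader are the whole point: the declared size is compared with the bytes actually remaining in the input (so a tag cannot make the parser read past the file) and the text length is compared with the destination (so a 300-byte Artist string lands as 63 bytes plus a terminator rather than on top of whatever follows the buffer). A real player would also handle UTF-16 encodings and the ID3v2.4 syncsafe sizes, which this example leaves out.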
| If you need more information, please read on. Otherwise follow the steps outlined above. | |
| --- | --- |
| Source | LSS Security - Hungary - Leon Juranic |
| Source URL | http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-07-14 |
| Source date | 2005-07-14 |
| Other source URL | http://secunia.com/advisories/16077/ |
| Other source date | 2005-07-15 |
| More information | Secunia |
| CAN | -.- |
| Secunia | SA16077 |
| USCert | -.- |
| CyTRAP Labs ID | CT110020 |
| Administrative | |
| --- | --- |
| Author | Urs E. Gattiker - CyTRAP Labs |
| Revisions | |
| Contact details | Web: http://CASEScontact.org; E-mail: support01 at CASEScontact.org; Tel: +41(0)76-200-7778 or +44(0)70-9237-6036; Fax: +44(0)70-9237-6036, dial 3 to send fax |
-- END of ADVISORY - Important Info Below --

We recommend that you VERIFY ALL ADVISORIES you receive IMMEDIATELY, by clicking on the link provided at the top of this alert.

NO WARRANTY: Any material furnished by CASEScontact.org is furnished on an 'as is' basis. CASEScontact.org, writers & sponsors make no warranties of any kind, either expressed or implied, as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material.
CASES writers & sponsors do not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. Full DISCLAIMER notice at: http://www.casescontact.org/terms.php
-- END of THREAT ALERT -- Copyright (c) 2007 by CyTRAP Labs - Urs E. Gattiker. All rights reserved.