VULHUB ™

Winamp is a popular media player supporting MP3 and other filetypes. Versions of Winamp are vulnerable to a buffer overflow condition triggered during processing of Audiosoft parameter files (*.AIP). A user may insert a large sequence of characters into an *.AIP file. When parsed by Winamp, the data will cause a stack overflow. As a result of this overflow, excessive data copied onto the stack can overwrite critical parts of the stack frame such as the calling functions' return address. Since this data is supplied by the user, it could be made to alter the program's flow of execution. Properly exploited, a maliciously composed AIP file could be used by a remote attacker (either through email or on a remote hostile website) to execute aribitrary code on a vulnerable system.

Winamp is a popular media player supporting MP3 and other filetypes. Versions of Winamp are vulnerable to a buffer overflow condition triggered during processing of Audiosoft parameter files (*.AIP). A user may insert a large sequence of characters into an *.AIP file. When parsed by Winamp, the data will cause a stack overflow. As a result of this overflow, excessive data copied onto the stack can overwrite critical parts of the stack frame such as the calling functions' return address. Since this data is supplied by the user, it could be made to alter the program's flow of execution. Properly exploited, a maliciously composed AIP file could be used by a remote attacker (either through email or on a remote hostile website) to execute aribitrary code on a vulnerable system.