CPNI - Centre for the Protection of National Infrastructure


February 2006

AUSCERT Advisory: AA-2006.0017 - Multiple vulnerabilities in Winamp 5.13 and prior allow arbitrary code execution

ID: 00143
Ref: 141/2006
Date: 17 February 2006:11:14:36
Version: 1

Title: AUSCERT Advisory: AA-2006.0017 - Multiple vulnerabilities in Winamp 5.13 and prior allow arbitrary code execution
Abstract:
Vendors affected: AusCERT
Operating systems affected: AusCERT
Applications affected: AusCERT

Title
=====

AUSCERT Advisory: AA-2006.0017 - Multiple vulnerabilities in Winamp 5.13 and
prior allow arbitrary code execution

Detail
======

Information regarding two vulnerabilities in Winamp 5.13 and prior
has been published [1][2]. These vulnerabilities may allow
an attacker to run arbitrary code using specially crafted
playlist (.m3u and .pls) files. A malicious playlist file may also
be embedded in a web page to automatically execute its payload when
a Winamp user visits a hostile web site.


===========================================================================
AA-2006.0017 AUSCERT Advisory

[Win]
Multiple vulnerabilities in Winamp 5.13 and prior allow
arbitrary code execution
17 February 2006
---------------------------------------------------------------------------

AusCERT Advisory Summary
------------------------

Product: Winamp 5.13 and prior
Operating System: Windows
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated

OVERVIEW:

Information regarding two vulnerabilities in Winamp 5.13 and prior
has been published [1][2]. These vulnerabilities may allow
an attacker to run arbitrary code using specially crafted
playlist (.m3u and .pls) files. A malicious playlist file may also
be embedded in a web page to automatically execute its payload when
a Winamp user visits a hostile web site.

Proof of concept code for one of the vulnerabilities is publicly
available and modification by another attacker would be trivial.

IMPACT:

An attacker may execute arbitrary code on a user's machine in the
context of the user running Winamp.

MITIGATION:

Winamp has not yet published an updated version to correct this
vulnerability. Other mitigation strategies include:

1. Remove Winamp as the registered handler for .m3u and .pls
files.

2. Do not allow Winamp to make internet connections.

3. Do not download and open playlists from untrusted sources.

4. Use another media player.
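
A read-only audit for mitigation 1, added here as an example and not part of
the AusCERT advisory: it lists the handlers registered for .m3u and .pls in
the Windows registry and flags any that point to Winamp. Matching on the
substring "winamp" is an assumption about how the handler is named on a host.

```powershell
# Added example (not from the advisory): audit playlist file associations.
# Assumption: a handler is treated as Winamp when its ProgID or any of its
# shell verb commands contains the substring "winamp".
$classRoots = 'HKCU:\Software\Classes', 'HKLM:\Software\Classes'

function Get-ProgIds {
    param([string]$Ext)
    $ids = @()
    # Explorer's per-user choice (Windows Vista and later), when present.
    $uc = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Ext\UserChoice"
    if (Test-Path -LiteralPath $uc) { $ids += (Get-ItemProperty -LiteralPath $uc).ProgId }
    # Per-user and machine-wide class registrations for the extension.
    foreach ($root in $classRoots) {
        $key = Join-Path $root $Ext
        if (Test-Path -LiteralPath $key) { $ids += (Get-ItemProperty -LiteralPath $key).'(default)' }
    }
    $ids | Where-Object { $_ } | Select-Object -Unique
}

function Get-HandlerCommands {
    param([string]$ProgId)
    # Collect every verb (open, play, enqueue, ...), not only "open".
    foreach ($root in $classRoots) {
        $shell = Join-Path $root "$ProgId\shell"
        if (-not (Test-Path -LiteralPath $shell)) { continue }
        foreach ($verb in Get-ChildItem -LiteralPath $shell) {
            $cmdKey = "$($verb.PSPath)\command"
            if (Test-Path -LiteralPath $cmdKey) {
                (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            }
        }
    }
}

foreach ($ext in '.m3u', '.pls') {
    foreach ($id in @(Get-ProgIds $ext)) {
        $cmds = @(Get-HandlerCommands $id | Where-Object { $_ })
        [pscustomobject]@{
            Extension = $ext
            ProgId    = $id
            Winamp    = ($id -match 'winamp') -or [bool]($cmds -match 'winamp')
            Commands  = $cmds -join ' | '
        }
    }
}
```

Any row with Winamp set to True marks an association still to be removed; an
extension that produces no rows has no registered handler.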

REFERENCES:

[1] http://www.frsirt.com/english/advisories/2006/0613

[2] http://secunia.com/advisories/18848/

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

http://www.auscert.org.au/render.html?it=3192


