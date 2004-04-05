Critical:
Highly critical
WHERE:
From remote
SOFTWARE:
WinAMP 2.x
WinAMP 3.x
Winamp 5.x
DESCRIPTION:
NGSSoftware has discovered a vulnerability in Winamp, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the
"in_mod.dll" plugin when loading Fasttracker 2 (".xm") media files.
This can be exploited to cause a heap overflow by e.g. tricking a
user into visiting a malicious website.
Successful exploitation allows execution of arbitrary code on a
user's system.
The vulnerability reportedly affects versions 2.91 through 5.02.
Prior versions may also be affected.
SOLUTION:
Update to version 5.03.
http://www.winamp.com/player/
More: http://secunia.com/advisories/11285/
