Nullsoft Winamp M3U File Denial of Service Vulnerability

Bugtraq ID:	25152
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Jul 31 2007 12:00AM
Updated:	Dec 22 2009 08:43PM
Credit:	Christian Deneke is credited with the discovery of this vulnerability.
Vulnerable:	NullSoft Winamp 5.57 NullSoft Winamp 5.56 NullSoft Winamp 5.552 NullSoft Winamp 5.55 NullSoft Winamp 5.541 NullSoft Winamp 5.54 NullSoft Winamp 5.52 NullSoft Winamp 5.51 NullSoft Winamp 5.5 NullSoft Winamp 5.35
Not Vulnerable:

Nullsoft Winamp M3U File Denial of Service Vulnerability

Winamp is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the application, effectively denying service to legitimate users. Given the nature of this issue, the attacker may be able to execute arbitrary code, but this has not been confirmed.

This issue is reported to affect Winamp 5.35 and 5.57; other versions may also be vulnerable.

Nullsoft Winamp M3U File Denial of Service Vulnerability

An attacker can exploit this issue by enticing victims into opening a malicious 'm3u' file.

The following example data is available:

• /data/vulnerabilities/exploits/25152.txt

Nullsoft Winamp M3U File Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Nullsoft Winamp M3U File Denial of Service Vulnerability

References:

• Winamp Home Page (NullSoft)
  
• [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability (BuHa Security)