Description
Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.
Product(s):
- Nullsoft Winamp 5.01
- Nullsoft Winamp 5.02
- Nullsoft Winamp 5.03
- Nullsoft Winamp 5.04
- Nullsoft Winamp 5.05
- Nullsoft Winamp 5.06
- Nullsoft Winamp 5.07
- Nullsoft Winamp 5.08c
- Nullsoft Winamp 5.0
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1150, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1150 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.