Lyrics3 is a system for embedding the lyrics inside an MP3 song file. AOL Nullsoft Winamp fails to properly handle malformed Lyrics3 tags allowing a heap based buffer overflow to occur.
This vulnerability may be triggered by persuading a user to access a specially crafted playlist file or connect to a malicious server with Winamp
Impact
A remote, unauthenticated attacker execute arbitrary code on a vulnerable system.
Fix IT
UpgradeThis vulnerability is addressed in AOL Nullsoft Winamp version 3.51.
Until it is possible to upgrade to AOL Nullsoft Winamp version 3.51, the following workarounds will help reduce the chances of exploitation:
Disable Winamp playlist file association
Disable the file association for Winamp playlist files to help prevent Windows applications from using Winamp to open playlists. This can be accomplished by deleting the following registry key:
- HKEY_CLASSES_ROOT\Winamp.Playlist
Links to malicious playlist files may be accessed using the Shoutcast (shout:) or Ultravox (uvox:) protocols. Disabling these protocols will reduce the chances of exploitation. This can be accomplished by deleting the following registry keys:
- HKEY_CLASSES_ROOT\ICY
HKEY_CLASSES_ROOT\SC
HKEY_CLASSES_ROOT\SHOUT
HKEY_CLASSES_ROOT\UVOX
Do not open Winamp playlist files
Do not open Winamp playlist files (.PLS or .M3U) from untrusted sources.Credit
This vulnerability was reported by iDEFENSE.
This document was written by Jeff Gennari.
No comments:
Post a Comment