• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Nullsoft Winamp Variant IN_CDDA.dll Remote Buffer Overflow Vulnerability

A remote buffer overflow vulnerability affects the IN_CDDA.dll library of Nullsoft's Winamp. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into finite process buffers. It should be noted that this issue is not related to the issue outlined in BID 11730 (Nullsoft Winamp IN_CDDA.dll Remote Buffer Overflow Vulnerability).

This issue will facilitate remote exploitation as an attacker may distribute malicious play-list files and entice unsuspecting users to process them with the affected application.

It should be noted that this issue was originally reported in BID 12245 (Nullsoft Winamp Multiple Unspecified Vulnerabilities). It has been assigned a new BID due to the release of more information.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application.