Nullsoft Winamp Automatic Update Check Buffer Overflow Vulnerability

Nullsoft Winamp Automatic Update Check Buffer Overflow Vulnerability

Nullsoft Winamp is a media player for Microsoft Windows supporting MP3 and other filetypes.

Winamp is vulnerable to a buffer overflow condition when checking for updated versions. A malicious server located at www.winamp.com may return a malicious response. Exploitation may result in the execution of arbitrary code as the Winamp process.

It may be possible to exploit this vulnerability if an attacker can control the resolution of the www.winamp.com domain, possibly through DNS cache poisoning.