• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

NullSoft Winamp Long File Name Denial of Service Vulnerability

It has been reported that Winamp may be prone to a denial of service vulnerability when processing files with a name exceeding 246 characters. Immediate consequences of this issue may result in the application crashing. Although unconfirmed, due to the nature of this vulnerability an attack could result in a buffer overflow condition and may lead to arbitrary code execution. Any code execution would occur in the context of the user running the application.

Winamp 5.02 was identified as the vulnerable version, however, it is possible that other versions are affected as well.

Conflicting reports have surfaced regarding this issue. It is possible that this issue may not be valid. This BID will be updated or retired as more information becomes available.