Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Winamp 0-day SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Winamp 0-day
A remote code execution vulnerability and exploit for Winamp 5.34 has been released.

The vulnerability exists within Winamp's MP4 decoding.  Successful exploitation will allow an attacker to execute arbitrary code under the context of the logged in user.

After install Winamp is associated with .MP4 files. However, Winamp does not open .MP4 files embedded within websites. This forces would-be attackers to deliver the .MP4 directly to the user’s host. E-mail or a website link that would require the download of the .MP4 file in order to play are the most likely exploit vectors.

Removal of the association of .MP4 files to Winamp will mitigate this vulnerability until a vendor supplied patch is available.


140 Posts
May 2nd 2007

Sign Up for Free or Log In to start participating in the conversation!