Check Point Advisories

Update Protection against AOL Nullsoft Winamp Ultravox Heap Overflow Vulnerability

Check Point Reference: CPAI-2006-144
Date Published: 30 Nov 2006
Severity: Critical
Last Updated: Thursday 03 May, 2007
Source: Secunia Advisory: SA22580
Industry Reference: CVE-2006-5567
Protection Provided by:
Who is Vulnerable? AOL Winamp versions 2.666 through 5.3
Vulnerability Description: A heap-based buffer overflow vulnerability was detected in the multimedia player AOL Nullsoft Winamp. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system.
Update/Patch Available: Upgrade to AOL Winamp version 5.31:
http://www.winamp.com/player/
Vulnerability Details: The vulnerability is due to the application's failure to properly handle 'ultravox-max-msg' headers. An attacker could exploit this flaw by convincing a user to open a specially crafted playlist file that contains a malicious 'ultravox-max-msg' header. Successful exploitation may result in execution of arbitrary code once the Winamp player is loaded.

Protection Overview
