Vulnerabilities > CVE-2006-0476 - Remote Buffer Overflow vulnerability in Nullsoft Winamp 5.12
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Winamp Playlist UNC Path Computer Name Overflow. CVE-2006-0476. Local exploit for windows platform id EDB-ID:16531 last seen 2016-02-02 modified 2010-04-30 published 2010-04-30 reporter metasploit source https://www.exploit-db.com/download/16531/ title Winamp - Playlist UNC Path Computer Name Overflow description Winamp. CVE-2006-0476. Remote exploit for windows platform file exploits/windows/remote/1458.cpp id EDB-ID:1458 last seen 2016-01-31 modified 2006-01-29 platform windows port published 2006-01-29 reporter ATmaCA source https://www.exploit-db.com/download/1458/ title Winamp <= 5.12 - .pls Remote Buffer Overflow Exploit 0Day type remote id EDB-ID:3422
Metasploit
description | This module exploits a vulnerability in the Winamp media player. This flaw is triggered when an audio file path is specified, inside a playlist, that consists of a UNC path with a long computer name. This module delivers the playlist via the browser. This module has only been successfully tested on Winamp 5.11 and 5.12. |
id | MSF:EXPLOIT/WINDOWS/BROWSER/WINAMP_PLAYLIST_UNC |
last seen | 2019-12-16 |
modified | 2017-09-14 |
published | 2006-04-30 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0476 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/winamp_playlist_unc.rb |
title | Winamp Playlist UNC Path Computer Name Overflow |
Nessus
NASL family | Windows |
NASL id | WINAMP_513.NASL |
description | The remote host is using Winamp, a popular media player for Windows. It |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20826 |
published | 2006-01-31 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20826 |
title | Winamp < 5.13 Playlist Handling Multiple Overflows |
code |
|
Oval
accepted | 2009-11-09T04:00:03.860-05:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). | ||||||||||||
family | windows | ||||||||||||
id | oval:org.mitre.oval:def:1402 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2006-02-01T08:59:00.000-04:00 | ||||||||||||
title | Winamp Hostname Buffer Overflow | ||||||||||||
version | 5 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/82961/winamp_playlist_unc.rb.txt |
id | PACKETSTORM:82961 |
last seen | 2016-12-05 |
published | 2009-11-26 |
reporter | H D Moore |
source | https://packetstormsecurity.com/files/82961/Winamp-Playlist-UNC-Path-Computer-Name-Overflow.html |
title | Winamp Playlist UNC Path Computer Name Overflow |
Saint
bid | 16410 |
description | Winamp playlist file buffer overflow |
id | misc_winamp |
osvdb | 22789 |
title | winamp_playlist_file |
type | client |
References
- http://secunia.com/advisories/18649
- http://securityreason.com/securityalert/386
- http://securityreason.com/securityalert/398
- http://securitytracker.com/id?1015552
- http://www.heise.de/newsticker/meldung/68981
- http://www.kb.cert.org/vuls/id/604745
- http://www.osvdb.org/22789
- http://www.securityfocus.com/archive/1/423436/100/0/threaded
- http://www.securityfocus.com/archive/1/423548/100/0/threaded
- http://www.securityfocus.com/bid/16410
- http://www.us-cert.gov/cas/techalerts/TA06-032A.html
- http://www.vupen.com/english/advisories/2006/0361
- http://www.winamp.com/player/version_history.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24361
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1402
- https://www.exploit-db.com/exploits/3422