Vulnerabilities > CVE-2006-3228 - Remote Security vulnerability in Winamp
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file.
Vulnerable Configurations
Exploit-Db
| description | Winamp. CVE-2006-3228. Dos exploit for windows platform |
| file | exploits/windows/dos/1935.cpp |
| id | EDB-ID:1935 |
| last seen | 2016-01-31 |
| modified | 2006-06-20 |
| platform | windows |
| port | |
| published | 2006-06-20 |
| reporter | BassReFLeX |
| source | https://www.exploit-db.com/download/1935/ |
| title | Winamp <= 5.21 - Midi File Header Handling Buffer Overflow PoC |
| type | dos |
Nessus
NASL family Windows NASL id WINAMP_524.NASL description The remote host is using Winamp, a popular media player for Windows. The version of Winamp installed on the remote Windows host reportedly contains a buffer overflow in the MIDI plugin ( last seen 2020-06-01 modified 2020-06-02 plugin id 21738 published 2006-06-22 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21738 title Winamp < 5.24 in_midi.dll MIDI File Processing Overflow code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(21738); script_version("1.17"); script_cvs_date("Date: 2018/08/15 16:35:43"); script_cve_id("CVE-2006-3228"); script_xref(name:"EDB-ID", value:"1935"); script_name(english:"Winamp < 5.24 in_midi.dll MIDI File Processing Overflow"); script_summary(english:"Checks the version number of Winamp"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a multimedia application that is prone to a buffer overflow attack." ); script_set_attribute(attribute:"description", value: "The remote host is using Winamp, a popular media player for Windows. The version of Winamp installed on the remote Windows host reportedly contains a buffer overflow in the MIDI plugin ('in_midi.dll') that can be exploited using a MIDI file with a specially crafted header to crash the affected application or possibly even execute arbitrary code remotely, subject to the privileges of the user running the application." ); script_set_attribute(attribute:"see_also", value:"http://forums.winamp.com/showthread.php?threadid=248100" ); script_set_attribute(attribute:"see_also", value:"http://www.winamp.com/player/version-history" ); script_set_attribute(attribute:"solution", value: "Upgrade to Winamp version 5.24 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2006/06/22"); script_set_attribute(attribute:"vuln_publication_date", value: "2006/06/20"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:nullsoft:winamp"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_dependencies("winamp_in_cdda_buffer_overflow.nasl"); script_require_keys("SMB/Winamp/Version"); exit(0); } # Check version of Winamp. # # nb: the KB item is based on GetFileVersion, which may differ # from what the client might report. ver = get_kb_item("SMB/Winamp/Version"); if (ver && ver =~ "^([0-4]\.|5\.([01]\.|2\.[0-3]\.))") security_hole(get_kb_item("SMB/transport"));NASL family Windows NASL id WINAMP_522.NASL description The remote host is using Winamp, a popular media player for Windows. The version of Winamp installed on the remote Windows host reportedly contains a buffer overflow in the last seen 2020-06-01 modified 2020-06-02 plugin id 21733 published 2006-06-20 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21733 title Winamp < 5.22 Malformed Midi File Handling Buffer Overflow
References
- http://forums.winamp.com/showthread.php?threadid=248100
- http://secunia.com/advisories/20722
- http://www.attrition.org/pipermail/vim/2006-June/000892.html
- http://www.attrition.org/pipermail/vim/2006-June/000893.html
- http://www.winamp.com/about/article.php?aid=10694
- https://www.exploit-db.com/exploits/1935