Friday, May 22, 2009

Winamp MAKI Parsing Vulnerability Details

Via SourceFire VRT -

About two months ago, we found a vulnerability in the Winamp 5.55 MAKI script parsing module. We reported our findings to AOL. AOL then released Winamp version 5.552 with the fix. Here are the details:

Winamp MAKI Parsing Integer Overflow Vulnerability



Systems Affected:
Winamp 5.55 and prior versions that support Modern Skins.

A vulnerability exists in Winamp. The vulnerability is due to an incorrect type cast while parsing a .maki file (a compiled script file), causing a buffer overflow. An attacker could provide a user with a modern skin (via a webpage download, for example) that uses the MAKI script to execute arbitrary code within the context of the current user.
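The bug class described above, as an added illustration (this is not Winamp's code or the MAKI format; the record layout, the `FIELD_MAX` limit and the function names are assumptions): a 16-bit length read from a file is stored in a signed type, passes the bounds check as a negative number, and widens to a huge copy size. The second function is the corrected check.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64  /* assumed limit for this constructed record format */

/* Constructed record: 2-byte little-endian length, then that many bytes. */

/* Flawed check. The length lands in a signed 16-bit type, so 0x8000..0xFFFF
 * turn negative, pass the "> FIELD_MAX" test, and widen to a huge size_t.
 * Returns the size a following memcpy would use (0 = rejected); it does not
 * copy, so the program stays safe to run. */
size_t flawed_copy_len(const uint8_t *rec, size_t rec_size)
{
    if (rec_size < 2) return 0;
    int16_t len = (int16_t)(rec[0] | (rec[1] << 8)); /* incorrect type cast */
    if (len > FIELD_MAX) return 0;                   /* negative slips by   */
    return (size_t)len;                              /* -1 becomes SIZE_MAX */
}

/* Corrected parser: unsigned length, checked against both the destination
 * limit and the bytes actually present. Returns 0 on success, -1 if malformed. */
int parse_field(const uint8_t *rec, size_t rec_size, char out[FIELD_MAX + 1])
{
    if (rec_size < 2) return -1;
    uint16_t len = (uint16_t)(rec[0] | (rec[1] << 8));
    if (len > FIELD_MAX) return -1;
    if ((size_t)len > rec_size - 2) return -1;
    memcpy(out, rec + 2, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    const uint8_t bad[] = { 0xFF, 0xFF, 'A' };           /* constructed input */
    const uint8_t ok[]  = { 0x03, 0x00, 's', 'k', 'n' }; /* constructed input */
    char out[FIELD_MAX + 1];

    printf("flawed copy size: %zu\n", flawed_copy_len(bad, sizeof bad));
    printf("fixed, bad input: %d\n", parse_field(bad, sizeof bad, out));
    if (parse_field(ok, sizeof ok, out) == 0)
        printf("fixed, good input: %s\n", out);
    return 0;
}
```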


PoC Exploit =

