ALERT

AN EMERGING ISSUE WITH:
WINAMP 2.79
SEVERITY:
Medium

DATE:
April 26, 2002

SUMMARY:
On April 25, security researcher Andreas Sandblad published
information regarding a buffer overflow vulnerability in the popular
MP3 player, Winamp. This vulnerability could allow an attacker to
execute code on a computer system, with the permissions of the
logged in user. There is no direct impact on WatchGuard's products.
Administrators with vulnerable systems are encouraged to download
and install the patched version of Winamp now available on the
Winamp web site.



EXPOSURE:


The MP3 file format allows for a URL to be embedded in the file.
Typically, when such an MP3 file is played, the player uses this URL
to contact a Web site and download lyrics, general information about
the song, or advertisements. Sandblad found a way to construct the
embedded URL so that it would be able to overflow
<https://www3.watchguard.com/archive/....asp?pack=1188> the
memory address allocated for the purpose of contacting the Web, and
then execute code of the attacker's choosing. Potentially, this code
could be used to accomplish anything a legitimate user could do,
such as adding or deleting files or reformatting the hard drive.



SOLUTION PATH:


Regardless of what WatchGuard product you use, your primary recourse
is to download and install the new player (version 2.80) from
Winamp.



STATUS:


A new version of Winamp is available from Winamp.com.
<http://www.winamp.com/download>