WinAmp Subject to Denial of Service

Reported January 23, 2001, by Win2KsecAdvice.

VERSIONS AFFECTED

  • Nullsoft Winamp 1.90

  • Nullsoft Winamp 2.72

DESCRIPTION

A boundary-checking problem that was discovered and patched in earlier versions of Winamp has resurfaced. If a user opens a location that is 256 bytes long, Winamp crashes.

DEMONSTRATION

The following causes Winamp to crash:  

C:\>Winamp aaaaaa (x260)

VENDOR RESPONSE

The vendor, Nullsoft, was notified more than 2 years ago about the original problem and has been notified recently about the same issue occurring in Winamp 1.90 and WinAmp 2.72.

CREDIT
Discovered by Strumf Noir Security.
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish