Hole in gen_msn plug-in for Winamp
The Now Playing plug-in gen_msn, for the Winamp media player, has a hole which allows an attacker's code to be executed from a playlist file. The plug-in is used to allow users to display to others what they are listening to, via Microsoft's instant messaging. A similar hole was found in August with the integrated Now Playing function of Winamp.
The cause of the vulnerability is a boundary error in gen_msn.dll when there are overlong entries in a playlist. This error can be exploited to cause a buffer overflow. For a successful attack, the user needs to open a .pls playlist file in Winamp. The problem has been confirmed for gen_msn version 0.31 with Winamp 5.541, although other versions may be vulnerable. Users are advised not to open untrusted files or streams with the plug-in installed.
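A pre-open check for the overlong playlist entries described above can be scripted; the following is an added example, not code from the advisories or from the plug-in. The 260-byte limit and the sample playlists are assumptions, since neither the article nor this example knows the plug-in's real buffer size.

```python
import sys

# Assumed limit: the advisories quoted here give no buffer size, so this is a
# conservative, adjustable threshold, not the plug-in's real boundary.
MAX_FIELD_LEN = 260


def scan_pls(data, max_len=MAX_FIELD_LEN):
    """Return (line_no, field, length) for every overlong field in a .pls file.

    Works on raw bytes so that lengths are byte counts and undecodable
    input cannot make the scanner itself fail.
    """
    findings = []
    for no, raw in enumerate(data.splitlines(), start=1):
        line = raw.strip()
        key, sep, value = line.partition(b"=")
        if sep and len(key) <= 64 and not line.startswith((b"[", b";")):
            # Ordinary "Key=Value" entry such as File1=, Title1=, Length1=
            field, size = key.strip().decode("latin-1"), len(value.strip())
        else:
            # Section header, comment, or malformed line: measure it whole
            field, size = "<line>", len(line)
        if size > max_len:
            findings.append((no, field, size))
    return findings


# Constructed sample input (not taken from any real exploit file).
SAMPLE_OK = (b"[playlist]\r\nFile1=C:\\Music\\track01.mp3\r\n"
             b"Title1=Track One\r\nLength1=215\r\n"
             b"NumberOfEntries=1\r\nVersion=2\r\n")
SAMPLE_BAD = SAMPLE_OK.replace(b"Track One", b"A" * 4000)

if __name__ == "__main__":
    # Usage: python scan_pls.py file1.pls file2.pls ...
    status = 0
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for no, field, size in scan_pls(fh.read()):
                print(f"{path}:{no}: {field} is {size} bytes (limit {MAX_FIELD_LEN})")
                status = 1
    sys.exit(status)
```
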
See also:
- WinAmp GEN_MSN Plugin Heap Buffer Overflow, SKD's advisory
- Winamp gen_msn Plugin Buffer Overflow Vulnerability, Secunia advisory
(djwm)