Winamp Lyrics3 and Ultravox Processing Unspecified Vulnerabilities

Posted on Wednesday, October 25, 2006 @ 15:59:44 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22580

VERIFY ADVISORY: http://secunia.com/advisories/22580/

CRITICAL: Highly critical

IMPACT: Unknown

WHERE: >From remote

SOFTWARE:
WinAMP 2.x - http://secunia.com/product/894/
WinAMP 3.x - http://secunia.com/product/382/
Winamp 5.x - http://secunia.com/product/3021/

DESCRIPTION: Two vulnerabilities with an unknown impact have been reported in Winamp. 1) An unspecified error exists in in_mp3.dll when processing lyrics3. 2) An unspecified error exists in in_mp3.dll when processing ultravox. The vulnerabilities are reported in versions 2.666 through 5.3.

SOLUTION: Update to version 5.31. -http://www.winamp.com/player/

PROVIDED AND/OR DISCOVERED BY: The vendor credits iDefense Labs.

ORIGINAL ADVISORY: http://www.winamp.com/player/version_history.php#5.31