WinAMP のセキュリティーホール

Topic: Buffer Overflow in WinAMP in_cdda.dll CDA Device Name

Release Date: 2005-01-27

CVE CAN ID: CAN-2004-1150

http://www.nsfocus.com/english/homepage/research/0501.htm

Affected systems & software (影響のあるバージョン)
===========================
Nullsoft WinAMP 5.0
Nullsoft WinAMP 5.01
Nullsoft WinAMP 5.02
Nullsoft WinAMP 5.03
Nullsoft WinAMP 5.04
Nullsoft WinAMP 5.05
Nullsoft WinAMP 5.06
Nullsoft WinAMP 5.07
Nullsoft WinAMP 5.08

Unaffected systems & software (影響のないバージョン)
=============================
Nullsoft WinAMP 2.X
Nullsoft WinAMP 5.08c

Workaround (一時的な回避方法)
=============
NSFOCUS suggests to remove in_cdda.dll from Plugins of WinAMP.
NSFOCUS は、WinAMP のプラグイン in_cdda.dll を削除することを提案します。

Vendor Status
==============
2004.11.24 Informed the vendor support@winamp.com, no response
2004.12.06 Tests proved winamp 5.07 is affected, informed the vendor again
2004.12.07 The vendor confirmed the vulnerability
2004.12.25 Tests proved winamp 5.08 is affected, informed the vendor
2005.01.10 The vendor released winamp 5.08c to fix the vulnerability

The vendor has released winamp 5.08c to fix this vulnerability. The latest
version is available at http://www.winamp.com/player/

詳細はNSFOCUSへ。繋がらないみたいだけど...