Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Winamp | Nullsoft | 5.0 (including) | 5.0 (including) |
| Winamp | Nullsoft | 5.01 (including) | 5.01 (including) |
| Winamp | Nullsoft | 5.02 (including) | 5.02 (including) |
| Winamp | Nullsoft | 5.03 (including) | 5.03 (including) |
| Winamp | Nullsoft | 5.04 (including) | 5.04 (including) |
| Winamp | Nullsoft | 5.05 (including) | 5.05 (including) |
| Winamp | Nullsoft | 5.06 (including) | 5.06 (including) |
| Winamp | Nullsoft | 5.07 (including) | 5.07 (including) |
| Winamp | Nullsoft | 5.08c (including) | 5.08c (including) |
| Winamp | Nullsoft | 5.08d (including) | 5.08d (including) |
| Winamp | Nullsoft | 5.08e (including) | 5.08e (including) |
| Winamp | Nullsoft | 5.09 (including) | 5.09 (including) |
| Winamp | Nullsoft | 5.11 (including) | 5.11 (including) |
| Winamp | Nullsoft | 5.12 (including) | 5.12 (including) |
| Winamp | Nullsoft | 5.13 (including) | 5.13 (including) |
| Winamp | Nullsoft | 5.091 (including) | 5.091 (including) |
| Winamp | Nullsoft | 5.093 (including) | 5.093 (including) |
| Winamp | Nullsoft | 5.094 (including) | 5.094 (including) |