Rule: -- Sid: 3088 -- Summary: This event is generated when an attempt is made to exploit a client buffer overflow associated with Winamp's processing of a filename with an extension of .cda. -- Impact: A successful attack may permit a buffer overflow that allows the execution of arbitrary code at the privilege level of the user running Winamp. -- Detailed Information: Winamp is a media file player for Windows developed by Nullsoft. A buffer overflow exists because of insufficient bounds checking while handling the name of a CD audio format file (.cda extension) or a playlist that contains a filename with a .cda extension. An overly long name may cause the buffer overflow permitting the execution of arbitrary code at the privilege level of the user running Winamp. -- Affected Systems: Winamp 3.x, and 5.x -- Attack Scenarios: An attacker can create and send a malformed .cda filename that may cause a buffer overflow and the subsequent execution of arbitrary code on the vulnerable host. -- Ease of Attack: Simple. -- False Positives: None known. -- False Negatives: None known. -- Corrective Action: Upgrade to the latest non-affected version of the software. -- Contributors: Sourcefire Research Team Judy Novak <judy.novak@sourcefire.com> -- Additional References --