Intrusion Prevention

Playlist.Buffer.Overflow

Description

This indicates an exploit attempt against a Buffer Overflow vulnerability in various media player.
The vulnerability allows remote attackers to execute arbitrary code via a "m3u" or "pls" file containing an overly long line. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted file.

Affected Products

Nullsoft Winamp 5.094 and 5.12
Apple iTunes 4.7
Apple iTunes before 9.0.1
KUDRSOFT AudioPLUS 2.0.0.215
Sony SonicStage CONNECT Player (CP) 4.3
AtomixMP3 2.3
COWON America jetAudio Basic 7.0.3

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.