This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit buffer overflow vulnerability by passing invalid Winamp Ultravox header containing large arguments.
AOL Nullsoft Winamp is a freely available media player from AOL. It is available for the Microsoft Windows platform. The Ultravox protocol was created by AOL to handle streaming multimedia content.
Winamp is prone to multiple Ultravox-related remote heap buffer-overflow vulnerabilities. These issues are due to a failure of the application to properly bounds-check user-supplied input prior to copying it into an insufficiently-sized memory buffer.
The two specific issues are as follows:n- a flaw in the handling of the 'ultravox-max-msg' headern- a flaw in the handling of vertain Lyrics3 tags.
These issues both result in the client allocating an overly small memory buffer, and then attempting to copy more server-supplied data into the buffer than will fit. This will potentially result in overwriting critical memory regions with attacker-supplied data, facilitating code-execution.n n Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the vulnerable application. This will facilitate the remote compromise of affected computers.n n Attackers would have to coerce unsuspecting users to connect to a malicious server with the vulnerable application to exploit these issues. This may be accomplished by having users follow a malicious URI ('shout:', or 'uvox:' URIs), or by embedding malicious data in a playlist file.
- NullSoft Winamp 5.3, 5.24