1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Nullsoft Winamp MAKI BO CVE-2009-1831

Attack: Nullsoft Winamp MAKI BO CVE-2009-1831

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects an attempt to exploit a buffer overflow vulnerability in nullsoft winamp application.

Additional Information

Nullsoft Winamp is a media player for Microsoft Windows.

The application is prone to a buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input. Specifically, the issue stems from a type-casting error when parsing a specially crafted '.maki' file in the 'gen_ff.dll' library. Attackers can exploit this issue by enticing an unsuspecting user into loading a malicious skin onto the media player.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Winamp 5.55 and prior versions are vulnerable.


Reportedly, the vendor has fixed the issue in Winamp 5.552, but Symantec has not confirmed this. Please see the references for more information.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube