Virus

W32/WinAmp.C!exploit

Analysis

This exploit relies on a buffer overrun condition in Winamp 5.12 (and prior) and "playlist" files, or data files that represent a list of songs to play in the audio application Winamp.

Successful implementation of the exploit could cause trojanized playlists to run arbitrary code. Winamp v5.13 corrects the vulnerability and should not be susceptible to the exploit.

Recommended Action

FortiGate systems:

check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed -- if required, enable the "Allow Push Update" option
FortiClient systems:
Quarantine/Delete infected files detected

Detection Availability

FortiClient
Extreme
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR

ID	149002
Released	Jan 30, 2006
Description Updated	Feb 01, 2006
Aliases	Exploit-WinampPLS [McAfee], Exploit.Win32.WinAmp.c [KAV]
Platform Profile	Win32 file format / PE 32 bit
Profile Type	Exploits (exploit)

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Virus

W32/WinAmp.C!exploit

Analysis

Recommended Action

Telemetry

Detection Availability

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Virus

W32/WinAmp.C!exploit

Analysis

Recommended Action

Telemetry

Detection Availability

Threat Intelligence
Center