W32/WinAmp.C!exploit
Analysis
This exploit relies on a buffer overrun condition in Winamp 5.12 (and prior) and "playlist" files, or data files that represent a list of songs to play in the audio application Winamp.
Successful implementation of the exploit could cause trojanized playlists to run arbitrary code. Winamp v5.13 corrects the vulnerability and should not be susceptible to the exploit.
Recommended Action
- check the main screen using the web interface to ensure the latest AV/NIDS
database has been downloaded and installed -- if required, enable the "Allow
Push Update" option
FortiClient systems:
- Quarantine/Delete infected files detected
FortiGate systems:
Telemetry
Detection Availability
FortiClient | |
---|---|
Extreme | |
FortiMail | |
Extreme | |
FortiSandbox | |
Extreme | |
FortiWeb | |
Extreme | |
Web Application Firewall | |
Extreme | |
FortiIsolator | |
Extreme | |
FortiDeceptor | |
Extreme | |
FortiEDR |