VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-1396

Description

Winamp 5.07 and earlier can be crashed or driven to CPU exhaustion via crafted .mp4/.m4a/.nsv/.nsa files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Winamp versions 5.07 and earlier contain two denial-of-service vulnerabilities [1][2][3]. The first is in the handling of metadata (tags) in .mp4 and .m4a files; invalid tag data causes the application to crash when the file is loaded [1][2]. The second occurs when malformed .nsv or .nsa files are opened, triggering 100% CPU consumption and system slowdown [2][3]. Both attack vectors can be triggered remotely via playlist files (.pls or .m3u) that reference the malicious media files [2][3].

Exploitation

For the crash vector (Vuln 1), an attacker crafts an .mp4 or .m4a file with invalid tag data and hosts it on a web server [2][3]. The attacker then creates a playlist file (.pls or .m3u) that points to the malicious file and embeds it in a webpage using an iframe [2][3]. If the victim's browser is configured to automatically open playlist files with Winamp, simply visiting the webpage causes Winamp to load the malicious media file and crash [1][2][3]. No authentication or user interaction beyond clicking the link is required [2][3]. For the CPU exhaustion vector (Vuln 2), the attacker creates a large (e.g., 1 MB) file filled with junk data and gives it a .nsv or .nsa extension; when Winamp opens the file, it consumes 100% CPU, potentially freezing the system [2][3].

Impact

Successful exploitation of either vulnerability results in a denial of service (DoS) [1][2][3]. The crash vector terminates the Winamp process, disrupting playback. The CPU consumption vector can degrade system performance and may lead to an unresponsive desktop [2]. No data exfiltration, privilege escalation, or persistent compromise is achieved; the impact is limited to loss of service on the affected machine [1].

Mitigation

The vendor released Winamp version 5.08c, which addresses these flaws [1]. Users should upgrade to Winamp 5.08c or later, available from the official Winamp website [1]. As a workaround, configure the web browser to prompt before opening .pls, .m3u, .mp4, .m4a, .nsv, or .nsa files with Winamp, and avoid opening such files from untrusted sources [1]. No further patches have been published for earlier versions; the software is likely no longer supported [1][2][3].
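The workaround above depends on knowing what a playlist points to before Winamp opens it. The following Python script is an added example, not code from the advisory or the vendor: it parses .pls and .m3u text and flags entries that reference the four file types named in this CVE, separating remote references from local ones. The function names and the sample playlists (including the `media.example.test` host) are constructed for illustration.

```python
import re
from urllib.parse import urlparse, unquote

# File types named in this advisory (tag crash: .mp4/.m4a, CPU spin: .nsv/.nsa).
RISKY_EXT = (".mp4", ".m4a", ".nsv", ".nsa")
PLS_FILE = re.compile(r"(?i)^file\d+\s*=\s*(.+)$")
PLS_OTHER = re.compile(r"(?i)^(title\d+|length\d+|numberofentries|version)\s*=")

def playlist_entries(text):
    """Yield media locations from .pls (FileN=...) or .m3u (one per line) text."""
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith("#") or line.startswith("["):
            continue                      # blank, M3U directive, or [playlist] header
        m = PLS_FILE.match(line)
        if m:
            yield m.group(1).strip()
        elif not PLS_OTHER.match(line):
            yield line                    # plain M3U entry

def flag_entries(text):
    """Return (location, reason) pairs for entries to review before opening."""
    findings = []
    for loc in playlist_entries(text):
        parsed = urlparse(loc)
        # UNC paths are fetched over the network too, so count them as remote.
        remote = parsed.scheme.lower() in ("http", "https", "ftp") or loc.startswith("\\\\")
        path = unquote(parsed.path) if parsed.scheme.lower() in ("http", "https", "ftp") else loc
        ext = next((e for e in RISKY_EXT if path.lower().endswith(e)), None)
        if ext:
            findings.append((loc, f"{'remote' if remote else 'local'} {ext} file"))
    return findings

# Constructed sample playlists.
SAMPLE_PLS = """[playlist]
NumberOfEntries=2
File1=http://media.example.test/clip.M4A?id=7
Title1=clip
File2=C:\\Music\\album\\track01.mp3
Version=2
"""
SAMPLE_M3U = """#EXTM3U
#EXTINF:-1,stream
http://media.example.test/video.nsv
local\\song.mp3
"""

if __name__ == "__main__":
    for name, text in (("sample.pls", SAMPLE_PLS), ("sample.m3u", SAMPLE_M3U)):
        for loc, reason in flag_entries(text):
            print(f"{name}: {reason}: {loc}")
```

A flagged entry is not proof of a malformed file; it only marks a reference that should not be auto-opened by an unpatched Winamp.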

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

8
