##############################################################################
#
#  Nullsoft Winamp Variant IN_CDDA.dll Remote Buffer Overflow Vulnerability
#
#  Copyright: OS2A and its member companies
#
#  Date Written: 2005/07/12
#
#  $Revision: 1.3 $
#
#  $Log: os2a_winamp_cdda_dll_600250.nasl,v $
#  Revision 1.3 2006/03/09 16:46:21 rdanford
#  added space after factor in risk-factor
#
#  Revision 1.2 2006/03/09 05:50:14 ksjayesh
#  regex changed as per new kb
#  invalid risk factor
#
#  Revision 1.1 2005/09/06 20:34:55 rdanford
#  issue #460 prod
#
#  Revision 1.3 2005/07/15 14:10:14 bchandra
#  Issue #460
#  Added script_require_keys
#
#  Revision 1.2 2005/07/12 12:16:09 schandan
#  Issue #460
#
#  Revision 1.1 2005/07/12 11:45:19 schandan
#  Issue #460
#
#
# ------------------------------------------------------------------------
# This program was written by OS2A and/or its member companies and is
# licensed under the GNU GPL license. Please see below for details. This
# header contains information regarding licensing terms under the GPL, and
# information regarding obtaining source code from the Author. Consequently,
# pursuant to section 3(c) of the GPL, you must accompany the information
# found in this header with any distribution you make of this Program.
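# ------------------------------------------------------------------------
##############################################################################

# Plugin purpose: report hosts whose recorded Winamp version falls in the
# range this plugin treats as affected by the IN_CDDA.dll buffer overflow.
#
# This is a version-only check (ACT_GATHER_INFO). It sends nothing to the
# target; it reads the "Nullsoft/Winamp/Version" knowledge-base entry that
# the dependency os2a_winamp_version_600246.nasl is expected to populate.
# The finding is therefore only as accurate as that stored version string,
# and a host whose DLL was replaced without a version change cannot be
# told apart from an unpatched one.

if(description)
{
 # Registration phase: metadata only, no host interaction.
 script_id(600250);
 script_bugtraq_id(12381);
 # "CAN-" is the legacy candidate prefix; the value is kept as written.
 script_cve_id("CAN-2004-1150");
 script_copyright(english:"Copyright (C) 2005 OS2A");
 script_version("$Revision: 1.3 $");
 script_category(ACT_GATHER_INFO);
 script_family(english:"Windows");

 name["english"] = "Nullsoft Winamp Variant IN_CDDA.dll Remote Buffer Overflow Vulnerability";
 script_name(english:name["english"]);

 summary["english"] = "Check for Winamp version";
 script_summary(english:summary["english"]);

 desc["english"] = "
 Overview:
 A remote buffer overflow vulnerability affects the IN_CDDA.dll library of
 Nullsoft's Winamp. This issue is due to a failure of the application to
 properly validate the length of user-supplied strings prior to copying
 them into finite process buffers.

 Impact:
 An attacker may exploit this issue to execute arbitrary code with the
 privileges of the user that activated the vulnerable application.

 Affected Software:
 Nullsoft Winamp 5.08 and prior.

 Affected Platform:
 Any Windows platform.

 Solution:
 Upgrade to WinAMP 5.0.8c or later.
 http://forums.winamp.com/showthread.php?s=&threadid=202799

 References:
 http://www.securityfocus.com/bid/12381

 Risk factor : High";
 script_description(english:desc["english"]);

 script_dependencies("os2a_winamp_version_600246.nasl");
 # Skip this plugin when the version was never recorded for the host.
 script_require_keys("Nullsoft/Winamp/Version");
 exit(0);
}

winampVersion = get_kb_item("Nullsoft/Winamp/Version");

# Defensive guard for runs where the required key is absent anyway:
# with no version there is nothing to compare, so report nothing.
if(!winampVersion)
  exit(0);

# Affected range as encoded here: any 0.x-4.x release, and 5.0 through 5.08
# including the 5.08a / 5.08b builds. 5.08c and later do not match.
#
# The whole alternation is grouped under a single "^". Previously only the
# first branch was anchored, so the "5\.0..." branch could match in the
# middle of a string and flag unaffected versions such as "6.5.0".
#
# NOTE(review): the description writes the fixed release as "5.0.8c" while
# the affected range is written "5.08". If the KB entry ever uses the dotted
# form, "5.0.8c" would match through the "\..*" tail and be reported as
# vulnerable; confirm the format written by os2a_winamp_version_600246.nasl.
if(ereg(pattern:"^([0-4].*|5\.0([0-8][ab]?)?($|\..*))", string:winampVersion))
{
 security_hole(0);
 exit(0);
}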