CVE-2006-5567

EXPLOITED

Nullsoft WinAmp - Heap-Based Buffer Overflow via Ultravox Protocol Handler or Lyrics3 Tags

Title source: llm

Exploitation Summary

CVE-2006-5567 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including cocoruder.

AI-analyzed exploit summary: This exploit demonstrates a heap overflow vulnerability in Nullsoft Winamp < 5.31 via the Ultravox protocol. It sets up a malicious server that sends a crafted response with an overly large 'Ultravox-Max-Msg' value, leading to a denial-of-service condition.

Description

Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.

Exploits (1)

exploitdb WORKING POC VERIFIED
by cocoruder · cdoswindows
https://www.exploit-db.com/exploits/2708

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Nullsoft Winamp < 5.31
No auth needed
Prerequisites: Network access to the target system · Winamp configured to use the Ultravox protocol
devstral-2 · analyzed Feb 16, 2026

References (12)

Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15686
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017119
Patch, Vendor Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=432
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29807
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22580
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20744
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29804
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/449092
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017120
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4196
Various Sources x_refsource_confirm
http://www.winamp.com/player/version_history.php#5.31
Patch, Vendor Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=431

Scores

EPSS 0.4700
EPSS Percentile 97.8%

Details

VulnCheck KEV 2010-05-01
Status published
Products (2)
nullsoft/winamp 5.3
nullsoft/winamp 5.24
Published Oct 27, 2006
Tracked Since Feb 18, 2026