PT-2006-7142 · Nullsoft · Winamp Web Interface
Luigi Auriemma · Published 2006-12-14 · Updated 2018-10-17 · CVE-2006-6539
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Winamp Web Interface (Wawi) versions 7.5.13 and earlier
Description
The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long username or a crafted packet to the FindBasicAuth function in security.cpp, related to the "/browse" URI. Additionally, remote authenticated users can cause a denial of service and possibly execute arbitrary code via a long path string in the Browse, CControl::Download, and CControl::Load functions, related to the file parameter in the "/dl" URI.
Recommendations
For Winamp Web Interface (Wawi) versions 7.5.13 and earlier, consider disabling the FindBasicAuth function in security.cpp and restricting access to the Browse, CControl::Download, and CControl::Load functions to minimize the risk of exploitation. Avoid using long username and file parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
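The two conditions the description names (an over-long username reaching FindBasicAuth on "/browse", and an over-long file parameter on "/dl") can be screened for in front of the service while no fixed version is available. The following Python is an added illustration for this advisory, not code from the advisory or from Winamp/Wawi. It assumes the username reaches FindBasicAuth through an HTTP Basic Authorization header, and the length thresholds and the sample requests (including the host name) are constructed for the example; the advisory states no exact sizes.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlsplit

# Thresholds are assumptions chosen for illustration; the advisory gives no sizes.
MAX_USERNAME_LEN = 64
MAX_FILE_PARAM_LEN = 256


def parse_request_head(raw: str):
    """Split a raw HTTP request head into (method, target, headers).

    Header names are lower-cased; anything after the blank line (the body)
    is ignored. Raises ValueError on a malformed request line.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def basic_auth_username(headers):
    """Return the user-id from an HTTP Basic Authorization header.

    Returns None when the header is absent, uses another scheme, or does not
    decode as base64 (the caller reports the last case as malformed).
    """
    auth = headers.get("authorization", "")
    scheme, _, blob = auth.partition(" ")
    if scheme.lower() != "basic" or not blob:
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("latin-1")
    except (binascii.Error, ValueError):
        return None
    # RFC 7617: user-id ":" password, and the user-id may not contain a colon.
    return decoded.split(":", 1)[0]


def inspect_request(raw: str):
    """Return a list of findings for one raw request; an empty list means clean."""
    findings = []
    _method, target, headers = parse_request_head(raw)
    split = urlsplit(target)
    path = split.path
    query = parse_qs(split.query, keep_blank_values=True)

    if path.startswith("/browse"):
        user = basic_auth_username(headers)
        if user is not None and len(user) > MAX_USERNAME_LEN:
            findings.append(
                f"/browse: Basic-auth username of {len(user)} bytes exceeds {MAX_USERNAME_LEN}"
            )
        if "authorization" in headers and user is None:
            findings.append("/browse: non-Basic or undecodable Authorization header")

    if path.startswith("/dl"):
        for value in query.get("file", []):
            if len(value) > MAX_FILE_PARAM_LEN:
                findings.append(
                    f"/dl: file parameter of {len(value)} bytes exceeds {MAX_FILE_PARAM_LEN}"
                )
    return findings


# Constructed sample requests (not captured traffic): one benign, two over-long.
SAMPLE_REQUESTS = [
    "GET /browse HTTP/1.1\r\nHost: player.example\r\nAuthorization: Basic "
    + base64.b64encode(b"alice:secret").decode() + "\r\n\r\n",
    "GET /browse HTTP/1.1\r\nHost: player.example\r\nAuthorization: Basic "
    + base64.b64encode(b"A" * 300 + b":x").decode() + "\r\n\r\n",
    "GET /dl?file=" + "B" * 600 + " HTTP/1.1\r\nHost: player.example\r\n\r\n",
]


def scan(requests=SAMPLE_REQUESTS):
    """Map request index to findings, keeping only requests that were flagged."""
    flagged = {}
    for i, raw in enumerate(requests):
        findings = inspect_request(raw)
        if findings:
            flagged[i] = findings
    return flagged


if __name__ == "__main__":
    for index, findings in scan().items():
        print(index, findings)
```

The same checks can be expressed as rules in a reverse proxy or WAF sitting in front of the Wawi listener; the point of the script is to show which fields to measure (the decoded Basic user-id, and the file query parameter on /dl) rather than the raw request length, since a short request can still carry an over-long value once decoded.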
Related Identifiers
Affected Products
Winamp Web Interface