Winamp File Processing Buffer and Integer Overflow Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Winamp, which could be exploited by attackers to cause a denial of service or execute arbitrary code.
1. An integer overflow error in the Matroska Demuxer (in_mkv.dll) when processing a malformed MKV file could be exploited to compromise a vulnerable system by convincing a user to open a malicious file.
2. An integer overflow error in the NSV Decoder (in_nsv.dll) when processing a malformed NSV file could be exploited to potentially compromise a vulnerable system by convincing a user to open a malicious file.
3. An integer overflow error in the MIDI Player (in_midi.dll) when processing a malformed MID file could be exploited to cause a denial of service.
4. A stack overflow error in the Module Decoder (in_mod.dll) when processing a malformed MTM file could be exploited to compromise a vulnerable system by convincing a user to open a malicious file and view track information.
Impact
- Remote Code Execution
System / Technologies affected
- Winamp version 5.581 and prior
Solutions
- No vendor-supplied patch is known to be available.
- Workaround: Do not open untrusted MKV or MTM files.
Vulnerability Identifier
- No CVE information is available