Winamp File Processing Buffer and Integer Overflow Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 15 Oct 2010 4694 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in Winamp, which could be exploited by attackers to cause a denial of service or execute arbitrary code.

1. Due to an integer overflow error in the Matroska Demuxer (in_mkv.dll) when processing a malformed MKV files, which could be exploited to compromise a vulnerable system by convincing a user to open a malicious file.

2. Due to an integer overflow error in the NSV Decoder (in_nsv.dll) when processing a malformed NSV file, which could be exploited to potentially compromise a vulnerable system by convincing a user to open a malicious file.

3. Due to an integer overflow error in the MIDI Player (in_midi.dll) when processing a malformed MID file, which could be exploited to cause a denial of service.

4. Due to a stack overflow error in the Module Decoder (in_mod.dll) when processing a malformed MTM file, which could be exploited to compromise a vulnerable system by convincing a user to open a malicious file and view track information.

Impact

  • Remote Code Execution

System / Technologies affected

  • Winamp version 5.581 and prior

Solutions

  • It is not aware of any vendor-supplied patch.
  • Workaround: Do not open untrusted MKV or MTM files.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Oracle Sun Java JDK / JRE / SDK Multiple Vulnerabilities

14 Oct 2010 4898 Views

Next

BlackBerry Enterprise Server and Professional Software Vulnerability

15 Oct 2010 4690 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY