Winamp AVI And IT Files Parsing Buffer Overflow Vulnerabilities Network Vulnerability

Summary

This host is installed with Winamp and is prone to buffer overflow vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary code or cause a buffer overflow. Impact Level: Application.

Solution

Upgrade to Winamp 5.623 or later, For updates refer to http://www.winamp.com/media-player

Insight

Flaws are due to an error in, - 'in_avi.dll' plugin when parsing an AVI file with a crafted value for the number of streams or the size of the RIFF INFO chunk. - 'in_mod.dll' plugin when parsing a crafted song message data in an Impulse Tracker (IT) file.

Affected

Nullsoft Winamp version 5.622 and prior.

References

http://forums.winamp.com/showthread.php?t=332010
http://seclists.org/fulldisclosure/2011/Dec/321
http://secunia.com/advisories/46882
http://www.securityfocus.com/bid/51015/info

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3834, CVE-2011-4857
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Mac OS X)
Apache mod_proxy content-length buffer overflow
BaoFeng Storm ActiveX Control Buffer Overflow Vulnerability
ClamAV 'find_stream_bounds()' function Buffer Overflow Vulnerability
Dell Webcam 'crazytalk4.ocx' ActiveX Multiple BOF Vulnerabilities

Take action and discover your vulnerabilities