Winamp 'AVI' File Multiple Heap-based Buffer Overflow Vulnerabilities Network Vulnerability

Summary

This host is installed with Winamp and is prone to heap-based buffer overflow vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary code in the context of the application. Impact Level: System/Application

Solution

upgrade to Winamp 5.63 build 3235 or later, For updates refer to http://www.winamp.com/media-player

Insight

Errors in bmp.w5s, - when allocating memory using values from the 'strf' chunk to process BI_RGB video and UYVY video data within AVI files. - when processing decompressed TechSmith Screen Capture Codec (TSCC) data within AVI files.

Affected

Winamp version before 5.63 build 3235

References

http://forums.winamp.com/showthread.php?t=345684
http://secunia.com/advisories/46624
http://www.osvdb.org/83097
http://www.securityfocus.com/bid/54131/discuss

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4045
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Shockwave Player 3D Model Buffer Overflow Vulnerabilities
Apple iTunes 'itms:' URI Stack Buffer Overflow Vulnerability
BreakPoint Software, Hex Workshop Buffer Overflow vulnerability
Cogent DataHub Unicode Buffer Overflow Vulnerability
Cscope Multiple Buffer Overflow vulnerability

Take action and discover your vulnerabilities