Summary
This host is installed with Winamp and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code or cause a denial of service.
Impact Level: Application.
Solution
upgrade to Winamp 5.6 or later,
For updates refer to http://www.winamp.com/media-player
Insight
- Multiple integer overflow errors in in_nsv.dll in the in_nsv plugin allow remote attackers to execute arbitrary code via a crafted Table of Contents.
- Multiple integer overflow errors in the in_midi plugin allow remote attackers to cause buffer overflow.
- A buffer overflow error in the in_mod plugin allows remote attackers to have an unspecified impact via vectors related to the comment box.
- An error in_mkv plugin allows remote attackers to cause a denial of service via a Matroska Video file containing a string with a crafted length.
- An error in in_mp4 plugin allows remote attackers to cause a denial of service via crafted metadata or albumart in an invalid MP4 file.
Affected
Winamp versions prior to 5.6
References
Severity
Classification
-
CVE CVE-2010-2586, CVE-2010-4370, CVE-2010-4371, CVE-2010-4372, CVE-2010-4373, CVE-2010-4374 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)
- Adobe Acrobat Remote Code Execution Vulnerability(Win)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
- Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)