Winamp VP6 Content Parsing Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with Winamp and is prone to heap-based buffer overflow vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary code or can be exploited by malicious people to potentially compromise a user's system. Impact Level: Application.

Solution

upgrade to Winamp 5.59 Beta build 3033 or later, For updates refer to http://www.winamp.com/media-player

Insight

The flaw is caused by an error in the VP6 codec (vp6.w5s) when parsing VP6 video content. This can be exploited to cause a heap-based buffer overflow via a specially crafted media file or stream.

Affected

Winamp version before 5.59 Beta build 3033 (5.5.9.3033)

References

http://forums.winamp.com/showthread.php?t=322995
http://secunia.com/secunia_research/2010-95/
http://www.securityfocus.com/archive/1/archive/1/514484/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1523
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Buffer Overflow Vulnerability (Windows)
Apple QuickTime Multiple Buffer Overflow Vulnerabilities (Windows)
AIMP ID3 Tag Buffer Overflow Vulnerability
Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Windows)
Alleycode HTML Editor Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities