Winamp AVI / IT File Processing Vulnerabilities
Last Update Date:
22 Jun 2012 12:47
Release Date:
22 Jun 2012
4905
Views
RISK: Medium Risk
TYPE: Clients - Audio & Video
Multiple vulnerabilities have been identified in Winamp, which can be exploited by malicious people to compromise a user's system.
- An error in bmp.w5s when allocating memory using values from the "strf" chunk to process BI_RGB video data within AVI files can be exploited to cause a heap-based buffer overflow.
- An error in bmp.w5s when allocating memory using values from the "strf" chunk to process UYVY video data within AVI files can be exploited to cause a heap-based buffer overflow.
- An error in bmp.w5s when processing decompressed TechSmith Screen Capture Codec (TSCC) data within AVI files can be exploited to cause a heap-based buffer overflow.
- Some unspecified errors in the in_mod.dll module when processing Impulse Tracker (IT) files can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
The vulnerabilities #1 through #3 are confirmed in version 5.622. Other versions may also be affected.
Impact
- Remote Code Execution
System / Technologies affected
- Winamp 5.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 5.63 Build 3234.
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with