Winamp AVI / IT File Processing Vulnerabilities

Last Update Date: 22 Jun 2012 12:47
Release Date: 22 Jun 2012

RISK: Medium Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in Winamp, which can be exploited by malicious people to compromise a user's system.

  1. An error in bmp.w5s when allocating memory using values from the "strf" chunk to process BI_RGB video data within AVI files can be exploited to cause a heap-based buffer overflow.
  2. An error in bmp.w5s when allocating memory using values from the "strf" chunk to process UYVY video data within AVI files can be exploited to cause a heap-based buffer overflow.
  3. An error in bmp.w5s when processing decompressed TechSmith Screen Capture Codec (TSCC) data within AVI files can be exploited to cause a heap-based buffer overflow.
  4. Some unspecified errors in the in_mod.dll module when processing Impulse Tracker (IT) files can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

Vulnerabilities #1 through #3 are confirmed in version 5.622. Other versions may also be affected.
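Items 1 and 2 concern buffer sizes derived from untrusted "strf" values. The following is an added example, not Winamp's code and not a reconstruction of the flaw, showing how a parser can validate a BITMAPINFOHEADER from "strf" before sizing a BI_RGB or UYVY frame buffer. The function names, the MAX_DIM limit and the accepted bit depths are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BI_RGB      0u
#define FOURCC_UYVY 0x59565955u  /* "UYVY" read as a little-endian u32 */
#define MAX_DIM     16384u       /* assumed policy limit, not from the advisory */

static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}
/* Returns 0 and stores the bytes needed for one decoded frame in *out,
 * or -1 if the "strf" payload (a BITMAPINFOHEADER) is rejected. */
int strf_frame_size(const uint8_t *strf, size_t len, size_t *out) {
    if (len < 40 || rd32(strf) < 40) return -1;        /* truncated header */
    int64_t  w   = (int32_t)rd32(strf + 4);            /* biWidth */
    int64_t  h   = (int32_t)rd32(strf + 8);            /* biHeight, negative = top-down */
    uint32_t bpp = strf[14] | (uint32_t)strf[15] << 8; /* biBitCount */
    uint32_t fcc = rd32(strf + 16);                    /* biCompression */
    if (h < 0) h = -h;                                 /* safe: already widened to 64 bits */
    if (w <= 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return -1;
    if (fcc == BI_RGB) {                               /* assumed policy: these depths only */
        if (bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32) return -1;
    } else if (fcc == FOURCC_UYVY) {
        if (bpp != 16 || (w & 1)) return -1;           /* packed 4:2:2 needs an even width */
    } else {
        return -1;                                     /* other codecs are not handled here */
    }
    /* Inputs are bounded, so the product is at most 2^30 and cannot wrap. */
    uint64_t stride = (((uint64_t)w * bpp + 31) / 32) * 4;  /* DWORD-aligned rows */
    *out = (size_t)(stride * (uint64_t)h);
    return 0;
}
/* Builds a constructed sample header (not from a real file); returns 0 if rejected. */
size_t demo(int32_t w, int32_t h, uint16_t bpp, uint32_t fcc) {
    uint8_t hdr[40] = {0};
    size_t n = 0;
    wr32(hdr, 40); wr32(hdr + 4, (uint32_t)w); wr32(hdr + 8, (uint32_t)h);
    hdr[12] = 1; hdr[14] = (uint8_t)bpp; hdr[15] = (uint8_t)(bpp >> 8); wr32(hdr + 16, fcc);
    return strf_frame_size(hdr, sizeof hdr, &n) == 0 ? n : 0;
}
int main(void) {
    printf("%zu %zu %zu\n", demo(640, 480, 24, BI_RGB),
           demo(720, -576, 16, FOURCC_UYVY), demo(0x40000001, 4, 32, BI_RGB));
    return 0;
}
```

The decoder should also check every write against the size returned here, since a frame's data can disagree with its header.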


Impact

  • Remote Code Execution

System / Technologies affected

  • Winamp 5.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to version 5.63 Build 3234.

Vulnerability Identifier

  • No CVE information is available
