Winamp AVI / IT File Processing Vulnerabilities

Last Update Date: 22 Jun 2012 12:47 Release Date: 22 Jun 2012 4400 Views

RISK: Medium Risk

Medium Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in Winamp, which can be exploited by malicious people to compromise a user's system.

  1. An error in bmp.w5s when allocating memory using values from the "strf" chunk to process BI_RGB video data within AVI files can be exploited to cause a heap-based buffer overflow.
  2. An error in bmp.w5s when allocating memory using values from the "strf" chunk to process UYVY video data within AVI files can be exploited to cause a heap-based buffer overflow.
  3. An error in bmp.w5s when processing decompressed TechSmith Screen Capture Codec (TSCC) data within AVI files can be exploited to cause a heap-based buffer overflow.
  4. Some unspecified errors in the in_mod.dll module when processing Impulse Tracker (IT) files can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

The vulnerabilities #1 through #3 are confirmed in version 5.622. Other versions may also be affected.

Impact

  • Remote Code Execution

System / Technologies affected

  • Winamp 5.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 5.63 Build 3234.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Cisco AnyConnect Secure Mobility Client Software Update Vulnerability

21 Jun 2012 4700 Views

Next

F5 Products Multiple Vulnerabilities

22 Jun 2012 4741 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY