en

‫ Winamp Multiple Vulnerabilities

IRCAD2011061282
ID:IRCAD2011061282
Release Date: 2011-06-27
Criticality level: Highly critical
Software:
Winamp 5.x
Description:
Multiple vulnerabilities are discovered in Winamp, which can be exploited by malicious people to potentially compromise a user's system.
1) An error in vp6.w5s when parsing media files encoded with the On2 TrueMotion VP6 codec where the "version" field value is greater than 8 can be exploited to corrupt memory via a specially crafted FLV file.
2) An error when parsing the "CustomWidth" and "CustomHeight" fields in H263 video content can be exploited to corrupt memory via a specially crafted FLV file.
3) An error in nsvdec_vp5.dll when decompressing frames can be exploited to cause a heap-based buffer overflow via a specially crafted NSV file.
4) An integer overflow error in nsvdec_vp6.dll when parsing screen dimensions can be exploited to corrupt memory via a specially crafted NSV file.
5) An error in nsvdec_vp3.dll in the handling of screen dimensions when decompressing frames can be exploited to cause a heap-based buffer overflow via a specially crafted NSV file.
6) An error in in_mod.dll can be exploited to corrupt memory via a specially crafted IT file.
7) An error in in_midi.dll when handling "Controller" messages can be exploited to cause a heap-based buffer overflow via a specially crafted MIDI file.
8) An error in in_midi.dll when handling "Note On" messages can be exploited to cause a heap-based buffer overflow via a specially crafted file.
9) An error in in_midi.dll when parsing MTrk chunks can be exploited to corrupt memory via a specially crafted file.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are confirmed in version 5.61. Other versions may also be affected.
Solution:
Do not open untrusted files.
References:
Luigi Auriemma:
Secunia:

The Wall

No comments
You need to sign in to comment