Winamp AVI And IT Files Parsing Buffer Overflow Vulnerabilities Network Vulnerability

Summary

This host is installed with Winamp and is prone to buffer overflow vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary code or cause a buffer overflow. Impact Level: Application.

Solution

Upgrade to Winamp 5.623 or later, For updates refer to http://www.winamp.com/media-player

Insight

Flaws are due to an error in, - 'in_avi.dll' plugin when parsing an AVI file with a crafted value for the number of streams or the size of the RIFF INFO chunk. - 'in_mod.dll' plugin when parsing a crafted song message data in an Impulse Tracker (IT) file.

Affected

Nullsoft Winamp version 5.622 and prior.

References

http://forums.winamp.com/showthread.php?t=332010
http://seclists.org/fulldisclosure/2011/Dec/321
http://secunia.com/advisories/46882
http://www.securityfocus.com/bid/51015/info

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3834, CVE-2011-4857

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player Multiple Vulnerabilities - Mar09 (Win)
Amarok Player Multiple Vulnerabilities
Adobe Photoshop Multiple Buffer Overflow Vulnerabilities
Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Mac OS X)
Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities