Winamp 'AVI' File Multiple Heap-based Buffer Overflow Vulnerabilities Network Vulnerability

Summary

This host is installed with Winamp and is prone to heap-based buffer overflow vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary code in the context of the application. Impact Level: System/Application

Solution

upgrade to Winamp 5.63 build 3235 or later, For updates refer to http://www.winamp.com/media-player

Insight

Errors in bmp.w5s, - when allocating memory using values from the 'strf' chunk to process BI_RGB video and UYVY video data within AVI files. - when processing decompressed TechSmith Screen Capture Codec (TSCC) data within AVI files.

Affected

Winamp version before 5.63 build 3235

References

http://forums.winamp.com/showthread.php?t=345684
http://secunia.com/advisories/46624
http://www.osvdb.org/83097
http://www.securityfocus.com/bid/54131/discuss

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4045

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe InDesign 'INDD' File Handling Remote Buffer Overflow Vulnerability
Adobe Reader/Acrobat Multiple BOF Vulnerabilities - Jun09 (Win)
Adobe Reader 'mailListIsPdf' Buffer Overflow Vulnerability (Linux)
CA eTrust PestPatrol Anti-Spyware 'ppctl.dll' ActiveX Control BOF Vulnerability
ChaSen Buffer Overflow Vulnerability (Windows)

Take action and discover your vulnerabilities